Manage Roles
A user is added to a user group to which one or more roles are assigned. Roles configure the level of CLI permissions and the set of features to which a user has access.
CLI Permissions Reference
| Permission | Options | Description |
|---|---|---|
| Console Shell Access Level | Admin, Standard, Disabled | Ability to connect to nodes' command lines via Lighthouse's SSH. Standard allows access to the node’s console with the same username as the Lighthouse user, if the user has an existing user account of the same name on the node. The user will be asked for the password of their account on the node whilst connecting. Admin will access the node’s console as the node’s root user. Lighthouse will authenticate the connection to the node using its own SSH key, so the user will not have to enter a password. |
| Shell Access | Enabled, Disabled | Ability to access the Lighthouse command line as an administrator. |
| PM Shell Access | Enabled, Disabled | Ability to connect to serial ports via SSH. |
Operation Permissions Reference
| Feature Set | Feature | Description |
|---|---|---|
| Actions | Events | Ability to enable or disable whether events are used to generate notifications. |
| Actions | Subscriptions | Ability to manage third-party access to events. |
| Logging | Port Logging | Currently allows access to delete port logs through the API. Other port logging functionality is currently available through the CLI on Lighthouse. Any additional API port logging functionality will be accessible via this permission. |
| Logging | Syslog | Allows managing the system syslog settings through the /system/logging endpoint; currently this functionality is not available via the UI. There is another permission (Services > Syslog) which allows the user to set up remote syslog servers for Lighthouse to send logs to. |
| Netops | Netops Modules | Allows configuring Netops modules. This includes the ability to use each module, set each module to always deploy, and redeploy modules. Installing and updating the modules is handled under the Services > NetOps permission. |
| Advanced Features | Smart Management Fabric | Allows enabling Smart Management Fabric on Lighthouse and setting the internal area ID. Enabling this permission requires “Multiple Instance”. Enabling Smart Management Fabric on the nodes requires the Nodes and Configuration > Template Push permission. Configuring the Smart Management Fabric Network Range on the Lighthouse VPN requires “Full Access” on Services > LHVPN. |
| Advanced Features | Connected Resource Gateway | Allows managing resources through Connected Resource Gateway. To read or change tags on resources, you require the appropriate level on Tags. To read or change resource filters, you require the appropriate level on Filters. |
| Nodes and Configuration | Nodes and Devices (Base) | Access to dashboard, nodes, ports, node enrollment and node web UI. Read Only allows you to view nodes and ports, make searches for ports, and view node and port filters. Full Access allows you to do Lighthouse driven node enrollments, and approve nodes that are in a pending state. You can also unenroll nodes. |
| Nodes and Configuration | Nodes and Devices (Advanced) | Extends Nodes and Devices (Base) permissions. Read Only allows access to cell health information, and node connection information. Full Access allows for changing the subscription associated with a node. |
| Nodes and Configuration | Nodes and Cellular Firmware Management | Ability to manage node and modem firmware uploads and schedule node upgrades. |
| Nodes and Configuration | Port Management | Ability to terminate active serial sessions. Deny: Users with deny on all of their ports are unable to see the sessions column in the ports table, and they cannot search user names in the free text search if they don’t have access to session information. Read Only allows read-only viewing of session details, and the use of the free text search to find active sessions by username. Full Access allows access to see and terminate sessions. By default, the Lighthouse Admin role receives Full Access, the Node Admin and Reporter roles receive Read-Only, and the Node User receives Deny. |
| Nodes and Configuration | Template Push | Ability to push templates to nodes and manage templates. |
| Nodes and Configuration | Config Management | Ability to create, edit, delete, commit, link, and unlink configuration profiles. Deny does not allow users to see any pages or fields related to Configuration Management. Read Only allows read-only viewing of configuration profiles and data. Full Access allows access to see all configuration management screens and perform all actions. |
| Service Settings | LHVPN | |
| Service Settings | Cell Health | |
| Service Settings | Console Gateway | Handles console gateway settings. |
| Service Settings | Custom Login Message | Access to set the custom login message. When a custom login message is enabled, it is visible to all visitors to the Lighthouse login page prior to logging in. |
| Service Settings | Date & Time | |
| Service Settings | HTTPS | |
| Service Settings | Netops | Ability to install Netops modules and modify local Netops repositories. |
| Service Settings | Node Backup | |
| Service Settings | Session Settings | Access to set idle timeouts for the Web UI and CLI sessions and enable or disable the alternate API port status: |
| Service Settings | SNMP | |
| Service Settings | SSH | Handles the SSH authentication and configuration settings. |
| Service Settings | Syslog | |
| Filters and Tags | Bundles | Ability to manage bundles. |
| Filters and Tags | Filters | Allows for the management and use of filters. |
| Filters and Tags | Tags | Allows for the management and use of tags. |
| System | Admin and Subscriptions | Ability to manage access settings for Lighthouse and manage subscription details. |
| System | Backup and Restore | |
| System | Jobs | |
| System | Multi-instance | Ability to manage multi-instance settings and control the state of instances. |
| System | Network Settings | Ability to manage the settings on the NETWORK SETTINGS page: |
| System | System Upgrade and Reset | |
| User and Permissions | Authentication | Ability to manage authentication settings including methods of authentication, policy and restrictions. |
| User and Permissions | Group and Roles | Ability to create and edit roles and groups, but not the ability to assign them to users. |
| User and Permissions | Users | Ability to view and manage users, including creation and removal of users. |