The following table describes NetMRI system privileges that can be assigned to roles.
Privilege | Description | ||
---|---|---|---|
Configure Networks | A system privilege applied to SysAdmin roles. Allows adding of new networks, changing Network View mappings, and mapping local VRFs to networks. | ||
Switch Port Admin | A system privilege applied to Switch Port Administrator Roles. This Privilege allows the Role to perform the following tasks: Modify port descriptions (Interface Viewer > Settings > Port Control Settings). Set a switch port to Administratively UP or Administratively Down (Interface Viewer > Settings > Port Control Settings). Change a port's VLAN assignment (Interface Viewer > Settings > Port Control Settings). Specify ports to exclude from Switch Port Management page views (Interface Viewer > Settings > General Settings). Access Analysis | Users with this privilege can define and modify security control issues. | |
Access Provision | Users with this privilege can provision ACL/firewall rules. | ||
Access Search | Users with this privilege can define and modify security control search rules | ||
Collection: Poll On-Demand | Users with this privilege can perform on-demand polling of individual network devices for the admin account using this privilege. | ||
View: Non Sensitive | Ability to view all non-sensitive information in NetMRI, such as Issues, Changes, audit logs, and device states through the Device Viewer. Users with these privileges cannot carry out the following:
| ||
View: Sensitive | Ability to view all sensitive information in NetMRI, including policy compliance configurations, device configurations in Configuration Management, the configuration of user accounts, and Setup, Licensing, and Database tasks otherwise not accessible by View: Non Sensitive privileges. | ||
View: NetMRI System Info | Ability to view NetMRI appliance settings. | ||
View: System Health Banner | Ability to view NetMRI system health banners. The privilege is automatically added to all roles except for the FindIT role. Note | Configure Networks | A system privilege applied to SysAdmin roles. Users with this privilege can add new networks, change network view mappings, and mapping local VRFs to networks. |
Custom Data: Input Data | A The privilege allowing allows non-Admin user accounts to edit and enter information in custom data fields previously created by the Admin account. For example: for network devices, custom fields are useful for recording important contextual data such as asset tag numbers and physical location — information that NetMRI does not gather on its own. By default, the Admin account is the only account with permission to edit such data fields. For more information, see Defining and Using Custom Fields and Enabling Custom Data Field Editing for Non-Admin Users. | ||
System Administrator | Allows the user complete access to the NetMRI appliance. | ||
Reset Passwords | A privilege that allows a user to change passwords other than their own. | ||
User Administration | A privilege that allows a user to create users, and assign roles and privilegesEvents: Admin | Users with this privilege can create event symptoms. | |
Groups: Create | Users with this privilege can create and edit device and/or interface groups in NetMRI. | ||
Groups: Delete | Users with this privilege can remove the device and/or interface groups. | ||
Issues: Modify Parameters | A privilege that allows a user to Users with this privilege can define and change analysis parameters, including analysis schedules. | ||
Issues: Modify Suppression Parameters | A privilege that allows a user to Users with this privilege can modify issue suppression parameters. | ||
Issues: Modify Priority | A privilege that allows a user to Users with this privilege can set the priority of issues. | ||
Issues: Define Notifications | A privilege that allows a user to Users with this privilege can define notifications for the issues. | ||
Lists: Author | Users with this privilege can create and maintain lists. | ||
Policy: Create, Edit, and Delete | Users with this privilege can create, edit, and delete policies and policy rules. | ||
Policy: Deploy | Users with this privilege can assign the device groups against which a policy is checked. | ||
Polling: Collection and Groups | Users with this privilege can configure group data collection settings on the Settings icon > Setup > Collection and Groups page. Polling administrators have this privilege by default. | ||
Polling: Credentials | Users with this privilege can add or edit device credentials on the Settings icon > Setup > Credentials page. Polling administrators have this privilege by default. | ||
Polling: Device Support Bundles | Users with this privilege can work with device support bundles on the Settings icon > Setup > Device Support Bundles page. Polling administrators have this privilege by default. | ||
Polling: Discovery Settings | Users with this privilege can configure network settings on the Settings icon > Setup > Discovery Settings page. Polling administrators have this privilege by default. | ||
Polling: MIB Management | Users with this privilege can import, edit, or manage MIB files on the Settings icon > Setup > MIB Management page. Polling administrators have this privilege by default. | ||
Polling: Proxy Settings | Users with this privilege can configure proxy settings on the Settings icon > Setup > Proxy Settings page. Polling administrators have this privilege by default. | ||
Polling: SDN/SD-WAN Polling | Users with this privilege can configure SDN and SD-WAN polling settings on the Settings icon > Setup > SDN/SD-WAN Polling page. Polling administrators have this privilege by default. | ||
Reports: Report Manager | Users with this privilege can delete, cancel, and reorder reports in the Report Manager. | ||
Reset Passwords | Users with this privilege can change passwords other than their own. | ||
Scripts: Author | Author Users with this privilege can author scripts and packaged commands, and save them for re-use by others. | ||
Scripts: Approve 1 | Approve Users with this privilege can approve packaged scripts and commands designated level 1 (low risk). | ||
Scripts: Approve 2 | Approve Users with this privilege can approve packaged scripts and commands designated level 2 (medium risk). | ||
Scripts: Approve 3 | Approve Users with this privilege can approve packaged scripts and commands designated level 3 (high risk). | ||
Scripts: Execute 1 | Execute Users with this privilege can execute packaged scripts and commands designated level 1 (low risk). | ||
Scripts: Execute 2 | Execute Users with this privilege can execute packaged scripts and commands designated level 2 (medium risk). | ||
Scripts: Execute 3 | Execute Users with this privilege can execute packaged scripts and commands designated level 3 (high or unknown risk). | ||
Scripts: Schedule 1 | Schedule Users with this privilege can schedule packaged scripts and commands designated level 1 (low risk). | ||
Scripts: Schedule 2 | Schedule Users with this privilege can schedule packaged scripts and commands designated level 2 (medium risk). | ||
Scripts: Schedule 3 | Schedule Users with this privilege can schedule packaged scripts and commands designated level 3 (high or unknown risk). | ||
Policy: Create, Edit, and Delete | Create, edit, and delete policies and policy rules. | ||
Policy: Deploy | Ability to assign the device groups against which a policy is checked. | ||
Polling: Collection and Groups | Full access to Collection and Groups. | ||
Polling: Credentials | Full access to Credentials. | ||
Polling: Device Support Bundles | Full access to Device Support Bundles. | ||
Polling: Discovery Settings | Full access to Discovery Settings. | ||
Polling: MIB Management | Full access to MIB Management. | ||
Polling: Proxy Settings | Full access to Proxy Settings. | ||
Polling: SDN/SD-WAN Polling | Full access to SDN/SD-WAN Polling. | ||
Events: Admin | Ability to create event symptoms. | ||
Groups: Create | Ability to create and edit device and/or interface groups in NetMRI. | ||
Groups: Result Sets | Ability to create and edit result sets. | ||
Groups: Delete | Ability to remove the device and/or interface groups. | ||
Terminal: Modify Credentials | Allow the user to Switch Port Admin | A system privilege applied to Switch Port Administrator Roles. Users with this privilege can perform the following tasks: Modify port descriptions (Interface Viewer > Settings > Port Control Settings). Set a switch port to Administratively UP or Administratively Down (Interface Viewer > Settings > Port Control Settings). Change a port's VLAN assignment (Interface Viewer > Settings > Port Control Settings). Specify ports to exclude from Switch Port Management page views (Interface Viewer > Settings > General Settings). View system feedback for their most recent action. | |
System Administrator | The privilege gives users full access to the NetMRI appliance. | ||
Terminal: Modify Credentials | Users with this privilege can modify their own CLI credentials. This privilege restricts /or allows users with the given role to change their own CLI credentials (Settings > User Admin > edit User > CLI Credentials). By default, this tab is disabled for user accounts without this privilege. NetMRI roles that have this privilege by default include SysAdmin, UserAdmin, and ChangeEngineer High. For roles other than those noted, this privilege is manually assigned. | ||
Terminal: Open Session | Allow users to Users with this privilege can activate Telnet/SSH sessions from the right-click menu. Should a user account not have this privilege, a popup message appears explaining that they do not have sufficient privileges to use this feature. NetMRI roles with this privilege include SysAdmin, UserAdmin, ChangeEngineer High, and ChangeEngineer Medium. For roles other than those noted, this privilege is assigned manually. | ||
Terminal: Use NetMRI System Creds | Allow the user to Users with this privilege can log in to devices using the default login/enable credential associated with the device within NetMRI. These are not vendor default credentials. If a terminal session is opened and the user has the appropriate privileges, the terminal shell queries the device credentials based on status and connection type and attempts a login using those if they are available. If not, a username and password are requested from the user. | ||
Tools: All | Allows Users with this privilege have access to all available Network Tools in NetMRI. | ||
Tools: Ping/Traceroute | Allows Users with this privilege have access to the NetMRI Ping/Traceroute Tool. | ||
Tools: Path Diagnostics | Allows Users with this privilege have access to the NetMRI Path Diagnostic Tool. | ||
Tools: SNMP Walk | Allows Users with this privilege have access to the NetMRI SNMP Walk Tool. | ||
Tools: Cisco Cmd Tool | Allows Users with this privilege have access to the NetMRI Cisco Command Tool. | ||
Tools: Discovery Diag | Allows Users with this privilege have access to the NetMRI Discovery Diagnostics Tool. | ||
Tools: FindIT | Allows Users with this privilege have access to the NetMRI FindIT Tool. | ||
User Administration | Users with this privilege can create users, and assign roles and privileges. | ||
View: Audit Log | Users with this privilege can view NetMRI audit log. | ||
View: Job Session Logs | Users with this privilege can access session logs from executed scripts and commands. | ||
View: Non Sensitive | Users with this privilege can view all non-sensitive information in NetMRI, such as Issues, Changes, audit logs, and device states through the Device Viewer. Users with these privileges cannot carry out the following: Setup tasks beyond Setup Summaries (Settings > Setup > Settings Summary). License management and many other NetMRI Settings configurations (Settings > Setup > General Settings). Database settings beyond viewing statistics (Settings > Setup > Database Settings). View: Non-Sensitive also cannot view or modify device configuration files, CLI and SNMP credentials, or NetMRI user accounts. Users with View: Non Sensitive privileges can schedule and run reports. | ||
View: Sensitive | Users with this privilege can view all sensitive information in NetMRI, including policy compliance configurations, device configurations in Configuration Management, the configuration of user accounts, and Setup, Licensing, and Database tasks otherwise not accessible by View: Non Sensitive privileges. | ||
View: System Health Banner | Users with this privilege can view NetMRI system health banners. The privilege is automatically added to all roles except for the FindIT role.
| ||
View: System Info | Users with this privilege can view NetMRI appliance settings. |
Note |
---|
Privileges cannot be edited or deleted, and new Privileges cannot be created. |
...