...
You define user administration functions in the Settings window (Settings icon –> > User Admin section), performing the following tasks:
...
While it is possible to select the entire table's worth of data in the Users page (Settings icon –> > User Admin –> > Users), the admin user account can never be deleted; the default set of NetMRI Roles (Settings icon –> > User Admin –> > Roles) also may not be deleted (though they are otherwise editable) and the Delete option is ghosted for each of them in the Action menu. In all cases, NetMRI user accounts with read-only privileges will not be able to perform this action.
...
You create, edit, and delete user accounts on the Users page (Settings icon –>> User Admin section–>section > Users). By default, the admin account is the single user account built into the appliance. You cannot remove this account.
...
A role defines what a user can do within NetMRI. Each role consists of a set of privileges, each of which specifies a distinct permitted activity. The Roles page (Settings icon –> > User Admin –> > Roles) enables an administrator to create, edit, and delete roles.
To create a new role, complete the following:
- Click Add (below the table).
- In the Add Role dialog –> > Users tab, enter a descriptive name in the Name field.
- In the Description field, describe the role.
Click Save. This adds the new role to the Roles table. The Users and Privileges tabs appear.
Note title Note You can assign one or more user accounts or privileges to the new role. It is not necessary to assign users to the role (this can be done in the user account), but privileges must be assigned for the new pole to be meaningful.
...
- In the Users tab, click Add. The Add User for <Username> Role dialog appears, displaying a Users drop-down list and the list of Device Groups in the appliance.
...
- In the Add User for <Username> Role dialog
...
- > User drop-down list, choose one or more users for the role.
7. In the Device Group table, select the device group check boxes to be associated with this role.
...
To specify privileges for the role, perform the following:
- In the Edit Role –> > Privileges tab, click Add.
- In the Add Privileges dialog, select the Privileges check boxes (see list below) to be associated with the role.
- Click OK.
- In the Edit Role dialog, click Save & Close.
...
Privilege | Description |
|---|---|
Configure Networks | A system privilege applied to SysAdmin roles. Allows adding of new networks, changing Network View mappings, and mapping local VRFs to networks. |
Switch Port Admin | A system privilege applied to Switch Port Administrator Roles. This Privilege allows the Role to perform the following tasks:
|
Collection: Poll On-Demand | Users with this privilege can perform on-demand polling of individual network devices for the admin account using this privilege. |
View: Non Sensitive | Ability to view all non-sensitive information in NetMRI, such as Issues, Changes, audit logs, and device states through the Device Viewer. Users with these privileges cannot carry out the following:
|
View: Sensitive | Ability to view all sensitive information in NetMRI, including policy compliance configurations, device configurations in Configuration Management, configuration of user accounts, and Setup, Licensing, and Database tasks otherwise not accessible by View: Non Sensitive privileges. |
View: NetMRI System Info | Ability to view NetMRI appliance settings. |
Custom Data: Input Data | A privilege allowing non-Admin user accounts to edit and enter information in custom data fields previously created by the Admin account. For example: for network devices, custom fields are useful for recording important contextual data such as asset tag numbers and physical location — information that NetMRI does not gather on its own. By default, the Admin account is the only account with permissions to edit such data fields. |
System Administrator | Allows the user complete access to the NetMRI appliance. |
Reset Passwords | A privilege that allows a user to change passwords other than their own. |
User Administration | A privilege that allows a user to create users, and assign roles and privileges. |
Issues: Modify Parameters | A privilege that allows a user to define and change analysis parameters, including analysis schedules. |
Issues: Modify Suppression Parameters | A privilege that allows a user to modify issue suppression parameters. |
Issues: Modify Priority | A privilege that allows a user to set the priority of issues. |
Issues: Define Notifications | A privilege that allows a user to define notifications for the issues. |
Scripts: Author | Author scripts and packaged commands, and save them for re-use by others. |
| Scripts: Approve 1 | Approve packaged scripts and commands designated level 1 (low risk). |
| Scripts: Approve 2 | Approve packaged scripts and commands designated level 2 (medium risk). |
| Scripts: Approve 3 | Approve packaged scripts and commands designated level 3 (high risk). |
| Scripts: Execute 1 | Execute packaged scripts and commands designated level 1 (low risk). |
| Scripts: Execute 2 | Execute packaged scripts and commands designated level 2 (medium risk). |
| Scripts: Execute 3 | Execute packaged scripts and commands designated level 3 (high or unknown risk). |
| Scripts: Schedule 1 | Schedule packaged scripts and commands designated level 1 (low risk). |
| Scripts: Schedule 2 | Schedule packaged scripts and commands designated level 2 (medium risk). |
| Scripts: Schedule 3 | Schedule packaged scripts and commands designated level 3 (high or unknown risk). |
Policy: Create, Edit, and Delete | Create, edit, and delete policies and policy rules. |
Policy: Deploy | Ability to assign the device groups against which a policy is checked. |
Events: Admin | Ability to create event symptoms. |
Groups: Create | Ability to create and edit device and/or interface groups in NetMRI. |
Groups: Result Sets | Ability to create and edit result sets. |
Groups: Delete | Ability to remove the device and/or interface groups. |
Terminal: Modify Credentials | Allow the user to modify their own CLI credentials. This privilege restricts/allows users with the given role to change their own CLI credentials (Settings –> > User Admin –> > edit User –> > CLI Credentials). By default, this tab is disabled for user accounts without this privilege. NetMRI roles that have this privilege by default include SysAdmin, UserAdmin, and ChangeEngineer High. For roles other than those noted, this privilege is manually assigned. |
| Allow users to activate Telnet/SSH sessions from the right-click menu. Should a user account not have this privilege, a popup message appears explaining that they do not have sufficient privileges to use this feature. NetMRI roles with this privilege include SysAdmin, UserAdmin, ChangeEngineer High, and ChangeEngineer Medium. For roles other than those noted, this privilege is assigned manually. |
Terminal: Use NetMRI Creds | Allow the user to log in to devices using the default login/enable credential associated to the device within NetMRI. These are not vendor default credentials. If a terminal session is opened and the user has the appropriate privileges, the terminal shell queries the device credentials based on status and connection type and attempts a login using those if they are available. If not, a username and password are requested from the user. |
Tools: All | Allows access to all available Network Tools in NetMRI. |
Tools: Ping/Traceroute | Allows access to the NetMRI Ping/Traceroute Tool. |
Tools: Path Diagnostics | Allows access to the NetMRI Path Diagnostic Tool. |
Tools: SNMP Walk | Allows access to the NetMRI SNMP Walk Tool. |
Tools: Cisco Cmd Tool | Allows access to the NetMRI Cisco Command Tool. |
Tools: Discovery Diag | Allows access to the NetMRI Discovery Diagnostics Tool. |
Tools: FindIT | Allows access to the NetMRI FindIT Tool. |
...
The Audit Log (Settings icon –> > User Admin –> > Audit Log) lists all actions taken by user accounts that result in changes to NetMRI or any of the data sets the account manages. Log entries include the timestamp in which the action was taken, the User name, a description of the action, and field change details when applicable.
Log entries are initially ordered by time, with the most recent at the top of the list. The table can be reordered, for example, to consolidate a particular user's actions. Alternatively, use quick searching to isolate specific log entries.
...
As an aid to track what NetMRI or its users are doing on the network, you can also view the audit logs for all events in which NetMRI or its users attempt to use SSH or Telnet sessions to network devices. The amount of data collected for such events can substantially impact the size of the collected event database, so you can switch this feature on and off when needed and change the duration of these events being held in the database. Connection events that are covered by this log category include SSH/Telnet connections for Config Collection, Credential Collection, terminal emulation, and Job Engine Run connections. Unknown connections may also be recorded, which will be events such as API calls.
To view and change these settings, go to Settings icon –> > General Settings –> > Advanced Settings –> > Notification category –> > Log All CLI Sessions. The default value is On. You can also choose the No Commands Logged option, which retains the session events but prevents any sensitive CLI data from being recorded.
An associated Advanced Setting, Prune CLI Session Duration, enables you to regularly prune the amount of CLI session data by setting the retention time for keeping that data in the Device Audit Log. The default setting is 7 days.
...
Several important global NetMRI user account settings are located in the Advanced Settings section. To access them, go to Settings icon –> > General Settings –> > Advanced Settings, and then use the Next Page button to get to the User Administration category. Advanced User Administration settings determine the following:
...