Privileges play a key part in role configuration. Each of the predefined roles uses a specific collection of privileges, which are predefined administrative functions that cannot be edited or changed. You can delete privileges from a defined role and create new roles with custom sets of privileges. For more information, see Privilege Descriptions
User accounts are the standard identities of all users of the NetMRI appliance.
You assign roles to each user account, after assigning the privileges that each user account is allowed to perform. User accounts are granular to individuals, while roles apply across different accounts.
NetMRI provides a set of pre-defined roles with specific privileges in NetMRI, as follows:
Role | Description |
Analysis Admin | The user can create and manage NetMRI issues. The role has the following privileges: Issues: Modify Parameters, Issues: Modify Suppression Parameters, Issues: Modify Priority, Issues: Define Notifications, View: Non-Sensitive, and View: System Health Banner. |
Change Engineer: High | The user can create, approve, execute, and schedule scripts designated High Level (Level 3) and lower. The role has the following privileges: Collection: Poll On-Demand, Lists: Author, Scripts: Approve Level 1, Scripts: Approve Level 2, Scripts: Approve Level 3, Scripts: Author, Scripts: Execute Level 1, Scripts: Execute Level 2, Scripts: Execute Level 3, Scripts: Schedule Level 1, Scripts: Schedule Level 2, Scripts: Schedule Level 3, Switch Port Admin, Terminal: Modify Credentials, Terminal: Open Session, View: Audit Log, View: Job Sessions Log, View: Non-Sensitive, View: Sensitive, and View: System Health Banner. This role can launch SSH and Telnet sessions using NetMRI's Telnet/SSH Proxy feature using User Credentials (Terminal: Open Session privilege). This role can modify CLI credentials (Terminal: Modify Credentials privilege). |
Change Engineer: Medium | The user can create, approve, execute, and schedule scripts designated Medium Level (Level 2) and lower. The role has the following privileges: Collection: Poll On-Demand, Lists: Author, Scripts: Approve Level 1, Scripts: Approve Level 2, Scripts: Author, Scripts: Execute Level 1, Scripts: Execute Level 2, Scripts: Schedule Level 1, Scripts: Schedule Level 2, Switch Port Admin, Terminal: Open Session, View: Job Sessions Log, View: Non-Sensitive, View: Sensitive, and View: System Health Banner. This role can launch SSH and Telnet sessions using NetMRIs Telnet/SSH Proxy feature (the Terminal: Open Session privilege) using NetMRI default credentials. By default, this role cannot modify CLI credentials. |
Change Engineer: Low | The user can create, approve, execute, and schedule scripts designated Low Level (Level 1). The role has the following privileges: Lists: Author, Scripts: Approve Level 1, Scripts: Author, Scripts: Execute Level 1, Scripts: Schedule Level 1, Switch Port Admin, View: Job Sessions Log, View: Non-Sensitive, View: Sensitive, and View: System Health Banner. Users with this role cannot launch SSH or Telnet sessions and those options will not appear in the device shortcut menu (right-clicking on a device's IP address, a VLAN IP, and other elements in the NetMRI UI). By default, this role cannot modify CLI credentials. |
Config Admin | A read-only account that can view all sensitive data in NetMRI. The role has the following privileges: View: Audit Log, View: Sensitive, View: Non-Sensitive, and View: System Health Banner. |
Default: View Role | A read-only account that is can view only non-sensitive data. The role has the following privileges: View: Non-Sensitive and View: System Health Banner. |
Event Admin | An event system administrator. The role has the following privileges: Events: Admin that enables the creation of new event symptoms, View: Non-Sensitive, and View: System Health Banner. |
FindIT | The user can only access the NetMRI FindIT tool. |
Group Manager | The user can create and manage interface groups, device groups, and related result sets. The role has the following privileges: Groups: Create, Groups: Delete, View: Non-Sensitive, View: Sensitive, and View: System Health Banner. |
Network Security Engineer | The user can provision ACL / firewall rules. The role has the following privileges: Access Provision, Access Search, Scripts: Approve Level 1, Scripts: Approve Level 3, Scripts: Execute Level 1, Scripts: Execute Level 3, Scripts: Schedule Level 1, Scripts: Schedule Level 3, View: Job Sessions Log, View: Non Sensitive, View: Sensitive, and View: System Health Banner. |
Network Operator | The user can define and modify security control search rules. The role has the following privileges: Access Search, View: Non-Sensitive, View: Sensitive, and View: System Health Banner. |
Policy Manager | The user can create and manage policies for one or more groups in NetMRI to standardize and lock down configurations for networked devices such as routers, switches, and firewalls. The role has the following privileges: Policy: Deploy, Policy: Create, Edit and Delete, View: Audit Log, View: Non-Sensitive, View: Sensitive, and View: System Health Banner. |
Polling Admin | The user can configure device polling. The role have the following privileges: Polling: Collection and Groups, Polling: Credentials, Polling: Device Support Bundles, Polling: Discovery Settings, Polling: MIB Management, Polling: Proxy Settings, Polling: SDN/SD-WAN Polling, View: Non Sensitive, and View: System Health Banner |
Report Admin | The user can create and edit the report features in NetMRI. The role have the following privileges: Reports: Report Manager, View: Non-Sensitive, View: Sensitive, and View: System Health Banner. |
Switch Port Administrator | The user can make changes to switch port configurations. The role have the following privileges: Collection: Poll On-Demand, Scripts: Approve Level 1, Scripts: Execute Level 1, Scripts: Schedule Level 1 ,Switch Port Admin, View: Non Sensitive, View: Sensitive, and View: System Health Banner. |
SysAdmin | The global administrator account role for NetMRI. SysAdmins can manage, add, and remove scan interfaces and map them to networks, manage, add, and remove network views. The role have the following privileges: System Administrator, View: Audit Log, Configure Networks, Polling: Collection and Groups, Polling: Credentials, Polling: Device Support Bundles, Polling: Discovery Settings, Polling: MIB Management, Polling: Proxy Settings, Polling: SDN/SD-WAN Polling, Terminal: Modify Credentials, Terminal: Open Session, and View: System Health Banner. |
User Admin | The user can create and edit NetMRI user accounts and roles, and assign privileges. The role have the following privileges: Issues: Define Notifications, Reset Passwords, Terminal: Modify Credentials, Terminal: Open Session, User Administration, View: Audit Log, View: Non-Sensitive, and View: System Health Banner. |
You can create custom roles, with custom sets of privileges to suit the needs of your organization. You can add and remove privileges and user accounts from each of the predefined roles in the NetMRI appliance. For more information, see Defining and Editing Roles.
The default roles built into the system cannot be deleted from the appliance. Custom roles can be deleted and edited.