Privilege Descriptions
- Panna .
The following table describes NetMRI system privileges that can be assigned to roles.
Privilege | Description |
|---|---|
Access Analysis | Users with this privilege can define and modify security control issues. |
Access Provision | Users with this privilege can provision ACL/firewall rules. |
Access Search | Users with this privilege can define and modify security control search rules |
Collection: Poll On-Demand | Users with this privilege can perform on-demand polling of individual network devices for the admin account using this privilege. |
Configure Networks | A system privilege applied to SysAdmin roles. Users with this privilege can add new networks, change network view mappings, and mapping local VRFs to networks. |
Custom Data: Input Data | The privilege allows non-Admin user accounts to edit and enter information in custom data fields previously created by the Admin account. For example: for network devices, custom fields are useful for recording important contextual data such as asset tag numbers and physical location — information that NetMRI does not gather on its own. By default, the Admin account is the only account with permission to edit such data fields. For more information, see Defining and Using Custom Fields and Enabling Custom Data Field Editing for Non-Admin Users. |
Events: Admin | Users with this privilege can create event symptoms. |
Groups: Create | Users with this privilege can create and edit device and/or interface groups in NetMRI. |
Groups: Delete | Users with this privilege can remove the device and/or interface groups. |
Issues: Modify Parameters | Users with this privilege can define and change analysis parameters, including analysis schedules. |
Issues: Modify Suppression Parameters | Users with this privilege can modify issue suppression parameters. |
Issues: Modify Priority | Users with this privilege can set the priority of issues. |
Issues: Define Notifications | Users with this privilege can define notifications for the issues. |
Lists: Author | Users with this privilege can create and maintain lists. |
Policy: Create, Edit, and Delete | Users with this privilege can create, edit, and delete policies and policy rules. |
Policy: Deploy | Users with this privilege can assign the device groups against which a policy is checked. |
Polling: Collection and Groups | Users with this privilege can configure group data collection settings on the Settings icon > Setup > Collection and Groups page. Polling administrators have this privilege by default. |
Polling: Credentials | Users with this privilege can add or edit device credentials on the Settings icon > Setup > Credentials page. Polling administrators have this privilege by default. |
Polling: Device Support Bundles | Users with this privilege can work with device support bundles on the Settings icon > Setup > Device Support Bundles page. Polling administrators have this privilege by default. |
Polling: Discovery Settings | Users with this privilege can configure network settings on the Settings icon > Setup > Discovery Settings page. Polling administrators have this privilege by default. |
Polling: MIB Management | Users with this privilege can import, edit, or manage MIB files on the Settings icon > Setup > MIB Management page. Polling administrators have this privilege by default. |
Polling: Proxy Settings | Users with this privilege can configure proxy settings on the Settings icon > Setup > Proxy Settings page. Polling administrators have this privilege by default. |
Polling: SDN/SD-WAN Polling | Users with this privilege can configure SDN and SD-WAN polling settings on the Settings icon > Setup > SDN/SD-WAN Polling page. Polling administrators have this privilege by default. |
Reports: Report Manager | Users with this privilege can delete, cancel, and reorder reports in the Report Manager. |
Reset Passwords | Users with this privilege can change passwords other than their own. |
Scripts: Author | Users with this privilege can author scripts and packaged commands, and save them for re-use by others. |
Scripts: Approve 1 | Users with this privilege can approve packaged scripts and commands designated level 1 (low risk). |
Scripts: Approve 2 | Users with this privilege can approve packaged scripts and commands designated level 2 (medium risk). |
Scripts: Approve 3 | Users with this privilege can approve packaged scripts and commands designated level 3 (high risk). |
Scripts: Execute 1 | Users with this privilege can execute packaged scripts and commands designated level 1 (low risk). |
Scripts: Execute 2 | Users with this privilege can execute packaged scripts and commands designated level 2 (medium risk). |
Scripts: Execute 3 | Users with this privilege can execute packaged scripts and commands designated level 3 (high or unknown risk). |
Scripts: Schedule 1 | Users with this privilege can schedule packaged scripts and commands designated level 1 (low risk). |
Scripts: Schedule 2 | Users with this privilege can schedule packaged scripts and commands designated level 2 (medium risk). |
Scripts: Schedule 3 | Users with this privilege can schedule packaged scripts and commands designated level 3 (high or unknown risk). |
Switch Port Admin | A system privilege applied to Switch Port Administrator Roles. Users with this privilege can perform the following tasks: Modify port descriptions (Interface Viewer > Settings > Port Control Settings). Set a switch port to Administratively UP or Administratively Down (Interface Viewer > Settings > Port Control Settings). Change a port's VLAN assignment (Interface Viewer > Settings > Port Control Settings). Specify ports to exclude from Switch Port Management page views (Interface Viewer > Settings > General Settings). View system feedback for their most recent action. |
System Administrator | The privilege gives users full access to the NetMRI appliance. |
Terminal: Modify Credentials | Users with this privilege can modify their own CLI credentials. This privilege restricts or allows users with the given role to change their own CLI credentials (Settings > User Admin > edit User > CLI Credentials). By default, this tab is disabled for user accounts without this privilege. NetMRI roles that have this privilege by default include SysAdmin, UserAdmin, and ChangeEngineer High. For roles other than those noted, this privilege is manually assigned. |
Terminal: Open Session | Users with this privilege can activate Telnet/SSH sessions from the right-click menu. Should a user account not have this privilege, a popup message appears explaining that they do not have sufficient privileges to use this feature. NetMRI roles with this privilege include SysAdmin, UserAdmin, ChangeEngineer High, and ChangeEngineer Medium. For roles other than those noted, this privilege is assigned manually. |
Terminal: Use System Creds | Users with this privilege can log in to devices using the default login/enable credential associated with the device within NetMRI. These are not vendor default credentials. If a terminal session is opened and the user has the appropriate privileges, the terminal shell queries the device credentials based on status and connection type and attempts a login using those if they are available. If not, a username and password are requested from the user. |
Tools: All | Users with this privilege have access to all available Network Tools in NetMRI. |
Tools: Ping/Traceroute | Users with this privilege have access to the NetMRI Ping/Traceroute Tool. |
Tools: Path Diagnostics | Users with this privilege have access to the NetMRI Path Diagnostic Tool. |
Tools: SNMP Walk | Users with this privilege have access to the NetMRI SNMP Walk Tool. |
Tools: Cisco Cmd Tool | Users with this privilege have access to the NetMRI Cisco Command Tool. |
Tools: Discovery Diag | Users with this privilege have access to the NetMRI Discovery Diagnostics Tool. |
Tools: FindIT | Users with this privilege have access to the NetMRI FindIT Tool. |
User Administration | Users with this privilege can create users, and assign roles and privileges. |
View: Audit Log | Users with this privilege can view NetMRI audit log. |
View: Job Session Logs | Users with this privilege can access session logs from executed scripts and commands. |
View: Non Sensitive | Users with this privilege can view all non-sensitive information in NetMRI, such as Issues, Changes, audit logs, and device states through the Device Viewer. Users with these privileges cannot carry out the following: Setup tasks beyond Setup Summaries (Settings > Setup > Settings Summary). License management and many other NetMRI Settings configurations (Settings > Setup > General Settings). Database settings beyond viewing statistics (Settings > Setup > Database Settings). View: Non-Sensitive also cannot view or modify device configuration files, CLI and SNMP credentials, or NetMRI user accounts. Users with View: Non Sensitive privileges can schedule and run reports. |
View: Sensitive | Users with this privilege can view all sensitive information in NetMRI, including policy compliance configurations, device configurations in Configuration Management, the configuration of user accounts, and Setup, Licensing, and Database tasks otherwise not accessible by View: Non Sensitive privileges. |
View: System Health Banner | Users with this privilege can view NetMRI system health banners. The privilege is automatically added to all roles except for the FindIT role. After upgrading your NetMRI software from a previous version where the Hide the system banners from non-admin users advanced setting was enabled, only the SysAdmin role has the View: System Health Banner privilege. To add the privilege to a role, go to the Settings icon > User Admin > Roles and add the privilege to the role. For more information, see Defining and Editing Roles |
View: System Info | Users with this privilege can view NetMRI appliance settings. |
Privileges cannot be edited or deleted, and new Privileges cannot be created.