Resource groups
Resource groups define the specific system resources that users can access in the UI. Resource groups are associated with roles. When administrators assign a role to a user group, the user group gains access to the network resources specified in the resource group. Resource groups represent the ability to configure specific types of things in the system, such as fabrics, workloads, or profiles.
Resources are organized into groups based on logical functional boundaries. Access to the specific functional areas can be associated with roles, and ultimately to user groups according to the type of network activities the user group is meant to perform.
The system comes with a set of predefined resource groups for common functional areas. Administrators cannot create new resources groups.
Viewing a list of resource groups
- Click to open the main menu.
- Select User and Resource Management.
- Select Resource Groups from the drop-down list.
Use the sort and filter columns to narrow the list.
Predefined resource groups
Predefined resource groups shows the predefined resource groups and describes the specific permissions that the resource groups allow for users. When creating a role, administrators can associate a specific resource group or a combination of multiple resource groups.
For example, the administrator may want to allow only a specific set of users to configure QoS policies. The administrator can create a role that includes the RG-qos resource group, with the permission set to read / write. Then, the administrator can create a user group with this particular role assigned. User members of the user group are allowed permission to view and modify QoS profiles.
Resource group | Resource type | Description |
---|---|---|
RG-AAA | AAA | User, user group, and resource group management |
RG-alarmmgr | alarmmgr | Access to system alarm manager objects |
RG-catalog | catalog | Access to catalogs |
RG-connect | connect | Access to system connect objects |
RG-devices | device | Configuring devices |
RG-fabric | fabric | Configuring fabrics between the switches |
RG-fabric-telemetry | fabric-telemetry | Access to all the statistics, events, and so on that are collected between the switches. |
RG-fabric-uplinks | fabric-uplinks | Configuring the fabric uplinks of a fabric |
RG-fabric-uplink-protocols | fabric-uplink-protocols | Configuring the uplinks of the fabric, which can include Layer-2, Layer-3, and protocols to interface with external routers connected to fabric uplinks |
RG-images | image | Provides OS images of the device |
RG-infra | infra | Access to infra settings |
RG-label | label | Access to labels |
RG-Layer-1 | layer1 | Configuration of Layer-1 aspects such as SFP, breakout, and so on |
RG-Layer-2 | layer2 | Layer-2 configurations such as VLANs, LAG, and so on |
RG-Layer-2-protocols | l2protocols | Layer-2 protocol configurations such as LLDP, LACP, and so on |
RG-Layer-3 | layer3 | Layer-3 configurations such as sub-interfaces, static and dynamic routing policies, and so on |
RG-Layer-3-protocols | l3protocols | Layer-3 protocol configurations such as BGP, OSPF, ISIS, and so on |
RG-Maintenance | maintenance | Access to node maintenance intent |
RG-Management | management | Configuring the management VRF and the relevant CoPP aspects |
RG-mgmt-protocols | management-protocols | Configuring protocols used to manage SR Linux such as SSH, gNMI, NTP, FTP, and so on |
RG-qos | qos | Configuration of QoS policies; can include CoPP |
RG-region | region | Creating and configuring data center regions |
RG-sandbox | sandbox | Access to sandbox environment |
RG-security | security | Configuring security policies for workloads and fabrics |
RG-sync | sync | Provides access to sync objects when configuring geo-redundancy |
RG-topology | topology | Topology access for fabrics |
RG-workload | workload | Configures workload related policies, including ACL and QoS policy profiles, but cannot edit the ACL and QoS profiles |
RG-workload-attachments | workload-attachments | Configure workload attachment points |
RG-workload-telemetry | workload-telemetry | Access to all statistics, events, flows, and so on, collected on the downlinks |