How do I configure a role?
Purpose
A role object specifies access rights to specific NSP functions and network resources. Roles are assigned to user groups, bringing all access rights defined on the role to all members of the user group.
Consider the following before configuring a role:
-
If you intend to assign resource group access to a role, you must configure your resource groups before completing this procedure.
-
If you intend to assign Data Collection and Analysis resource access in this role, you must first configure Data Collection and Analysis, and must assign Read/Write/Execute permission to the Analyze/Assure or Data Collection and Analysis category.
-
A user with access to device discovery must also be given access to device management. Device management access is required to view discovered devices.
Note: Do not confuse the Access settings with the Deployment Control settings that are configured in the NSP settings; the Deployment Control settings determine which NSP views are activated and available.
Steps
1 |
Open Users and Security. |
2 |
Select Roles from the drop-down list on the toolbar. |
3 |
Click Create Role. The Create Role form opens. |
4 |
In the Identification panel, specify a role name and description. The Role Name and Description fields can employ only the following special characters: - _ . @ The Role Name string must not contain any spaces, including a leading or trailing space. |
5 |
In the Characteristics panel, you can enable the Administrator designation for the role. To create an administrative role with access to all resource groups and function, enable the Administrator check box. If you enable this option, no further steps are necessary. Click Create to save the role. |
6 |
To assign NSP functional access to the role, go to the Action Permissions panel and select an access level from the drop-down list for each NSP GUI you want to include in the role. For a description of the access permissions, see NSP action permissions. If you intend to assign Data Collection and Analysis resource access in this role, you must assign Read/Write/Execute permission to Data Collection and Analysis. |
7 |
To assign network resource access to the role, go to the Resource Groups Access panel. (For a detailed explanation of the Resource Groups Access panel, see How do I set network resource access levels?.) You can assign resource group access globally, to resource group categories, to individual resource groups, or a combination of these.
|
8 |
To assign Analytics resource access to the role, go to the Analytics Resource Access panel. In order for the Analytics Resource Access panel to appear, Analytics reporting must be enabled and configured in NSP and you must assign Read/Write/Execute access to Analytics in this role. Assign access to Analytics categories or individual Analytics resources in the Analytics Repository list:
Note: The View/Execute permissions for a report in an Analytics report repository do not apply to drill-downs. For example, a user group has View/Execute permission for report A but no permission for report B. If report B is a drill-down from report A, users will be able to execute report A via report B, although this might not seem obvious. |
9 |
Click Create to save your changes and return to the Roles list. End of steps |