Starting v7.1, users and roles may be granted permissions to certain devices, allowing them to only see and interact with information pertaining only to those devices.
Administrators may use device permissions to select those devices which will be accessible to specific roles. This allows administrators to effectively limit some users from having access to information that should not be visible to them.
Note: Upgrading to 7.1 will retain all users’ permissions to all devices
Note: Users who have not been associated with a role will automatically receive the ‘Read-Only” role when upgrading to v7.1
Users associated with specific roles will only be able to see information pertaining to devices to which they have been granted permissions.
Granting permissions to a group of devices may be done by using Device Labels (See part 5 – Device Management).
Roles may be granted permissions to devices by adding the relevant device labels. Assigning a label to a role will allow that role to have access to all devices under that label.
- To assign device permissions to a role, navigate to the Roles section under the Settings tab the UI.
2. Ensure you have sufficient permissions to perform the change and select the role you wish to edit and click Edit.
3. Click the Assign Labels button
4. From the Device Permissions section, select the appropriate labels from the table and click OK.
To remove permissions select the label you wish to remove, click the more options button and select Unassign labels.
To view the list of devices associated with a label, tick one or more of the checkboxes under Device Permissions.
When a device is associated with multiple labels, hovering over the device name will display the list of labels (which are viewable to the selected role).
To add or remove devices from labels, navigate to the Device Page. See section 5 – Device Management for more information.
Select Full Permissions to allow the selected role the full set of permissions to all devices currently existing on the system as well as any devices added to it in the future.
Roles not assigned to any labels will not have access to ANY devices.
Users not assigned to a role will not have access to ANY devices.
Note: the Rule and Backup sections are precluded from the Device Permissions feature. These sections will not be affected by changed made to roles’ device permissions.
Tips and Tricks
If you want to email certain issues to certain users, you can define a role that is restricted to a given label or devices. However, your users want to view all issues relating to other devices. In other words, this is just for the purpose of email notifications.
For example, John only wants to receive emails about issues relating to F5 devices. You can create a fictitious user (e.g. username = phantom-john) with his email address. Notice that phantom-john is not the username John uses to login to the system. Instead, John uses his regular username with permissions to view issues relating to all devices. Associate phantom-john to the role with the Device Permissions set to F5 devices only.