Roles
Roles is a standard configuration interface for the permissions that user groups use when accessing the UI. Multiple user groups can use the same role.
For conceptual information about roles, user groups, and users, see the following topics in Unified Assurance Security Guide:
For information about interacting with the grid and form, see Standard Configuration Interface in Unified Assurance Concepts.
This user interface calls REST methods from the api/AAA/roles endpoints. See REST API for Unified Assurance Core for details.
The UI path for this interface is Configuration -> AAA -> Roles.
Form Fields
- Name: The name of the role. The configured role names are visible when configuring user groups.
- Description: The description of the role.
- Permissions: Selection groups for the available ACLs that control access to the different sections of Unified Assurance. To see a description of the permission, hover over the ID or name.
Best Practices
- When creating a new role, ensure it has the correct permissions for each section in Unified Assurance. Proper role creation is required in a multitenant environment.
- When assigning a permission to a role, always enable the Read flag of that permission. Without this flag enabled, members of groups assigned to this role will be unable to access the configured secure area of the application.
Default Roles
- Administrator: This role has all read, create, update, delete, and execute permissions for every secured area of the application.
- Anonymous: This role has login ability, but no read, create, update, delete, or execute privileges to any secured area of the application.
- API: This role is intended to provide read, create, update, and execute access for applications which act as a user to call the Unified Assurance API. This role also has delete permissions for some areas of the application.
- Operator: This role has read access to every secured area of the application except UserProfiles and GlobalProperties.
- Publisher: This role is intended to provide limited read and write access to User Groups, Users, Queries, Files, TL1 Gateways, TL1 Gateway Elements, Graph Vertices, Dashboards, Reports, Event Displays, Event Filters, SLM Services, SLM Events, and SLM Metrics.
Global Permissions
These permissions override configured security options for objects within the application. For example, a file created by user Anne, with herself as the owner, would be visible only to Anne and to members of a group with either the PUBLISHER or SUPER permission.
- PUBLISHER: The ability to edit access permissions for application objects, such as reports and files.
- SUPER: The ability to read and edit everything in the application.
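One way to check role definitions against the Read-flag best practice and the global permissions described above. This is an added example, not Oracle's code: the dictionary layout, the `global` package name, the sample role names, and the helpers `audit_role` and `audit_roles` are assumptions, not the schema of the api/AAA/roles endpoints.

```python
# The five flags named in the Default Roles descriptions.
KNOWN_FLAGS = {"read", "create", "update", "delete", "execute"}
# Global permissions that override object-level security settings.
GLOBAL_OVERRIDES = {"PUBLISHER", "SUPER"}

# Constructed sample data. The dictionary layout is an assumption made for this
# example; it is not the response schema of the api/AAA/roles endpoints.
SAMPLE_ROLES = [
    {"name": "NOC-Tier1", "permissions": [
        {"package": "navigation", "name": "Bookmarks", "flags": ["read"]},
        {"package": "eventNavigation", "name": "Events", "flags": ["update", "execute"]},
    ]},
    {"name": "ReportEditors", "permissions": [
        {"package": "navigation", "name": "Configuration", "flags": ["read"]},
        {"package": "global", "name": "PUBLISHER", "flags": ["read"]},
    ]},
    {"name": "Viewers", "permissions": [
        {"package": "analyticsNavigation", "name": "Analytics", "flags": ["read"]},
    ]},
]


def audit_role(role):
    """Return a list of (severity, message) findings for one role."""
    findings = []
    for perm in role.get("permissions", []):
        label = f"{perm['package']}/{perm['name']}"
        flags = {f.lower() for f in perm.get("flags", [])}
        unknown = flags - KNOWN_FLAGS
        if unknown:
            findings.append(("error", f"{label}: unrecognized flags {sorted(unknown)}"))
        if "read" not in flags:
            # Without Read, group members cannot reach the secured area at all.
            findings.append(("error", f"{label}: assigned without Read"))
        if perm["name"] in GLOBAL_OVERRIDES:
            findings.append(("review", f"{label}: overrides object-level security"))
    return findings


def audit_roles(roles):
    """Map role name -> findings, omitting roles with nothing to report."""
    report = {r["name"]: audit_role(r) for r in roles}
    return {name: f for name, f in report.items() if f}


if __name__ == "__main__":
    for name, findings in audit_roles(SAMPLE_ROLES).items():
        for severity, message in findings:
            print(f"[{severity}] {name}: {message}")
```

Roles that hold PUBLISHER or SUPER are reported as `review` rather than `error`, because holding them can be intentional but widens access beyond object ownership.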
Navigation Permissions
You use navigation permissions to control which components and menus appear in the navigation bar for the different user groups.
To show the Bookmarks and Configuration menus, add the Read permission for them under the navigation package. Other permissions under other packages control access to the Configuration submenus and options.
To show other components, add them under their respective componentNameNavigation package. For example:
- Under analyticsNavigation, add Analytics to show the Analytics menu.
  - To show submenus, add Admin, Operator, or Viewer permissions under the eventAnalytics, metricAnalytics, flowAnalytics and vision packages.
- Under eventNavigation, add Events to show the Events component.
- Under SLMNavigation, add NavServices to show the Services component.