Adding or editing a role

This topic provides instructions on adding and editing a role. 

During the configuration of a role, you assign the following types of rights to the role.

  • System Rights are rights that are not related to managing specific network devices.
  • Network Rights grant access to realms and specify the rights for each realm.

To add a role

On the Admin > User Admin > Roles page, click Add, and follow these steps:

  1. On the Details tab:
    • Specify a unique name for the role.
    • (Read-only) One role in the The referenced document [xwiki:Automation-DevSecOps.Network-Automation.TrueSight-Network-Automation.tsna251.TrueSight Network Automation 25\.1._Inclusion-Library._Common-terminology.WebHome] was not found. system is designated as the Root Role that cannot be modified or deleted.
    • Select Restricted to Reporting System to specify that this role exists only to support an external reporting or The referenced document [xwiki:Automation-DevSecOps.Network-Automation.TrueSight-Network-Automation.tsna251.TrueSight Network Automation 25\.1._Inclusion-Library._Common-terminology.WebHome] was not found. system, and not used by the The referenced document [xwiki:Automation-DevSecOps.Network-Automation.TrueSight-Network-Automation.tsna251.TrueSight Network Automation 25\.1._Inclusion-Library._Common-terminology.WebHome] was not found. system. If you select this option, the role cannot have system or network rights. Any selection that you make for those rights is ignored. You can still associate users with the role, because that association is also imported by the reporting system. Otherwise, the role does not appear anywhere else.
      If you do not select this option, the role is a normal The referenced document [xwiki:Automation-DevSecOps.Network-Automation.TrueSight-Network-Automation.tsna251.TrueSight Network Automation 25\.1._Inclusion-Library._Common-terminology.WebHome] was not found. Role with rights, as described in this section.
    • Specify an optional description for the role.

  2. On the System Rights tab, select the rights that the role will have. When a right is selected, it is granted and a user who belongs to this role will be allowed to perform the associated function.

    Note

    You might see dimmed-out, inoperable check boxes; this indicates you do not have permission to grant that particular right.

  3. On the Network Rights tab, select Full Rights or Selected Rights. Full rights grants all rights to the role. You must possess a right in order to be able to grant it, or you must possess the Allow Rights Promotion system right.
     For Selected Rights, select a realm (when more than one realm exists), and select specific rights from the tree, as shown in the following figure. You can grant different rights in different realms. Here also check boxes may be inoperable for rights you are not allowed to change.

    AddRole_NetworkRights.png
    For more details on managing system and network rights see Managing-access.
  4. Click Save.

For an example of rights that you might want to grant in roles, see Hiding-sensitive-data.

To edit a role

On the Admin > User Admin > Roles page, follow these steps:

  1. Click the Edit icon Icon_Edit.png.
  2. Change the details provided while adding the role, and click Save.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*