...
Demonstrate opFlowSP Role Based Access Control (RBAC) feature.
Feature Description
opFlowSP defaults to Classic mode authorisation (see opCharts references to classic vs RBAC Authorisation). Classic mode means the user's "group" list (from Users.nmis) is queried to check which Nodes (agents) the user is allowed to view.
RBAC mode allows fine-grained access rather than group-based access. For instance, service providers may want to allow customers to view flow statistics related to their specific interfaces, yet prevent them from viewing other customers' interfaces. This feature provides that capability.
...
```
/usr/local/omk/bin/oprbac_admin.exe act=create-object path=root,opflowsp,agent,<IP Address> read_privileges=<Privilege Tag>
```
Associate a Privilege Tag with a Role
...
```
root@spflow:~# /usr/local/omk/bin/oprbac_admin.exe act=list-users verbose=1
Name           Description  Roles      Properties  Privileges
CustomerA_NOC               CustomerA
root@spflow:~# /usr/local/omk/bin/oprbac_admin.exe act=list-roles verbose=1
Name       Description  Properties  Privileges
CustomerA                           CustomerA_read
root@spflow:~# /usr/local/omk/bin/oprbac_admin.exe act=list-objects verbose=1
Path                                       Description  Create  Read            Update  Delete
root,opflowsp,agent,10.10.1.1,interface,3               N/A     CustomerA_read  N/A     N/A
```
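One way to check the customer separation described under Feature Description is to audit saved `act=list-objects verbose=1` output against an allowlist of which interfaces each privilege tag should be able to read. The script below is an added example, not part of opFlowSP or the original page. It assumes the whitespace-separated column layout shown above; the `EXPECTED` allowlist, the `CustomerB_read` tag and every sample row except the 10.10.1.1 interface 3 row are constructed for illustration.

```python
import re

# Constructed sample in the column layout of `act=list-objects verbose=1`.
# Only the first data row appears on the page; the other rows are made up.
SAMPLE = """\
Path                                       Description  Create  Read            Update  Delete
root,opflowsp,agent,10.10.1.1,interface,3               N/A     CustomerA_read  N/A     N/A
root,opflowsp,agent,10.10.1.1,interface,4  B uplink     N/A     CustomerB_read  N/A     N/A
root,opflowsp,agent,10.10.2.1,interface,7               N/A     CustomerA_read  N/A     N/A
"""

# Hypothetical allowlist: (agent, ifIndex) pairs each privilege tag may read.
EXPECTED = {
    "CustomerA_read": {("10.10.1.1", "3")},
    "CustomerB_read": {("10.10.1.1", "4")},
}

PATH_RE = re.compile(r"^root,opflowsp,agent,([^,\s]+)(?:,interface,(\d+))?$")

def parse_objects(text):
    """Yield (agent, ifindex_or_None, read_tag) for each opflowsp object row."""
    for line in text.splitlines():
        cols = line.split()
        # Description may be blank or contain spaces, so take the path from
        # the left and Create/Read/Update/Delete from the right.
        if len(cols) < 5:
            continue
        m = PATH_RE.match(cols[0])
        if m:
            yield m.group(1), m.group(2), cols[-3]

def audit(text, expected):
    """Return sorted findings: read grants not covered by the allowlist."""
    findings = []
    for agent, ifindex, tag in parse_objects(text):
        if tag == "N/A":
            continue  # assumption: N/A means no read tag is set on the object
        if ifindex is None:
            findings.append((tag, agent, "agent-level object, review scope"))
        elif (agent, ifindex) not in expected.get(tag, set()):
            findings.append((tag, agent, f"interface {ifindex} not in allowlist"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE, EXPECTED):
        print(*finding, sep="  ")
```

Run against the constructed sample, it reports the `CustomerA_read` grant on 10.10.2.1 interface 7, which the allowlist does not cover.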