DRAFT - opFlowSP - Role Based Access Control (RBAC) Configuration

Purpose

Describe how to use the opFlowSP Role Based Access Control (RBAC) feature.

Feature Description

Service providers may want to allow customers to view flow statistics for their own interfaces without allowing them to view other customers' interfaces. This feature provides that separation.

Order of Operation

  • Create a role (GUI)
  • Create a user and assign a role (GUI)
  • Create an object with a privilege tag (CLI)
  • Associate the privilege tag with a role (CLI)

Configuration

Create a Role

From the opFlowSP main page, top menu bar, select System -> Portal Roles.  This should render the following page.

Click the blue '+' button to add a role.  At a minimum enter a name and click 'Add'.

Create a User

From the opFlowSP top menu bar, select System -> Portal Users. This should render the following page.

Click the blue '+' button to add a user.

At a minimum do the following.

  • Add a username
  • From the Role drop down menu, choose a previously provisioned Role.
  • Enter a password

Create an Object with a Privilege Tag

This is accomplished via the CLI. An object in this case is a specific interface on a network device.

root@spflow:~# /usr/local/omk/bin/oprbac_admin.exe act=create-object path=root,opflowsp,agent,10.10.1.1,interface,3 read_privileges=CustomerA_read
created new object

Syntax:

/usr/local/omk/bin/oprbac_admin.exe act=create-object path=root,opflowsp,agent,<IP Address>,interface,<SNMP IF Number> read_privileges=<Privilege Tag>

IP Address:  The IP address that the network device uses to source flow data.

SNMP IF Number:  This is the SNMP index number of the interface in question.

Privilege Tag:  This tag
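
A mistyped IP address, interface number or tag attaches a customer's read privilege to the wrong interface, so this added example (not part of the original page or of opFlowSP) validates each value and prints the create-object commands for review instead of running them. The function names and the allowed tag characters are assumptions; the command path and arguments are the ones shown above.

```shell
# Added example (not vendor code): print validated create-object commands for review.
OPRBAC_ADMIN=/usr/local/omk/bin/oprbac_admin.exe   # path as shown on this page

# Dotted-quad IPv4 only, each octet 0-255.
valid_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# SNMP interface index: positive decimal integer, no leading zero.
valid_ifindex() {
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
}

# Assumption: tags use letters, digits, '_' and '-' (the page shows CustomerA_read).
# Commas, spaces and '=' are refused because they delimit path elements and arguments.
valid_tag() {
    case "$1" in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
}

# build_create_object IP IFINDEX TAG: print one command line, or fail with a reason.
build_create_object() {
    valid_ipv4 "$1"    || { echo "rejected agent IP: $1" >&2; return 1; }
    valid_ifindex "$2" || { echo "rejected SNMP IF number: $2" >&2; return 1; }
    valid_tag "$3"     || { echo "rejected privilege tag: $3" >&2; return 1; }
    printf '%s act=create-object path=root,opflowsp,agent,%s,interface,%s read_privileges=%s\n' \
        "$OPRBAC_ADMIN" "$1" "$2" "$3"
}

# plan_customer TAG IP IFINDEX...: one command per interface, or nothing if any value is invalid.
plan_customer() {
    [ "$#" -ge 3 ] || { echo "usage: plan_customer TAG IP IFINDEX..." >&2; return 1; }
    tag=$1; ip=$2; shift 2
    plan=
    for ifx in "$@"; do
        line=$(build_create_object "$ip" "$ifx" "$tag") || return 1
        plan="$plan$line
"
    done
    printf '%s' "$plan"
}

plan_customer CustomerA_read 10.10.1.1 3   # values from the example on this page
```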

 

 
