Users and roles may be granted permissions to certain devices, allowing them to only see and interact with information pertaining only to those devices.
Administrators may use device permissions to select those devices which will be accessible to specific roles. This allows administrators to effectively limit some users from having access to information that should not be visible to them.
Users associated with specific roles will only be able to see information pertaining to devices to which they have been granted permissions. Granting permissions to a group of devices may be done by using device labels. See Label Management for details.
Roles may be granted permissions to devices by adding the relevant device labels. Assigning a label to a role will allow that role to have access to all devices under that label.
-
Select the Settings tab from the sidebar, then select Roles.
-
For the role you wish to edit, click the vertical ellipsis icon and select Edit.
The Edit Role page is displayed.
In the Device Permissions section, click Assign Labels +.
Note: You can select the Full Permissions toggle button to allow the selected role the full set of permissions to all devices currently existing on the system as well as any devices added to it in the future.From the Assign Labels window that is displayed, select the appropriate labels from the table and click OK, as shown in the following image.
The Device Permissions section now displays the selected labels.
To remove an assigned label, click the vertical ellipsis icon next to it and select Unassign label, as shown in the following image.
To view the list of devices associated with a label, select the checkbox for the label. You can select one or more checkboxes.
The Label devices drawer is displayed, with details of the devices associated with the selected labels.
When a device is associated with multiple labels, hovering over the device name will display the list of labels (which are viewable to the selected role), as shown in the following image.
To add or remove devices from labels, navigate to the Devices page. See Label Management for more information.
- Roles not assigned to any labels will not have access to ANY devices.
- Users not assigned to a role will not have access to ANY devices.
- The Rule and Backup sections are precluded from the Device Permissions feature. These sections will not be affected by changed made to roles’ device permissions.
Tips and Tricks
If you want to email certain issues to certain users, you can define a role that is restricted to a given label or devices. However, your users want to view all issues relating to other devices. In other words, this is just for the purpose of email notifications.
For example, John only wants to receive emails about issues relating to F5 devices. You can create a fictitious user (e.g. username = phantom-john) with his email address. Notice that phantom-john is not the username John uses to login to the system. Instead, John uses his regular username with permissions to view issues relating to all devices. Associate phantom-john to the role with the Device Permissions set to F5 devices only.