After installing the Gateway image, if you will be authenticating Gateway with Micetro, you must set up specific roles and users in Micetro for Gateway to use. Each new role will be mapped to a Gateway group, allowing Micetro authentication to be recognized by Gateway and applied to Gateway features.
Two roles are mandatory:
- GW_admin (mapped to the built-in Gateway group admin)
- GW_all (mapped to the built-in Gateway group all)
Other Micetro roles that you need depend on the Gateway groups that you create. All new roles in Micetro should map to at least one of these built-in Gateway groups (GW_all and GW_admin) for authentication to succeed.
Each role must have the following attributes:
- Role Type: General
- Role Name: GW_<Gateway group>, where <Gateway group> is the name of the Gateway group.
- Permissions (Access tab): The set of Micetro permissions assigned to that role.
To create a new Micetro role that will be mapped to a Gateway group:
Log in to Micetro as an administrator user.
Select the Admin tab, then click the Configuration tab.
Under Access management on the left panel, select Roles.
Click Create, then select New role. The Create new role dialog box displays.
Click on the Role tab and enter the following:
- In Role name, enter GW_<Gateway group name>, where <Gateway group name> is the name of the Gateway group to which this role will be mapped.
- (Optional) In Description, enter a description of the role.
Click the Access tab, then select the checkboxes for the desired access permissions to assign to that role.
For more information on Micetro permissions, see https://docs.menandmice.com/en/latest/guides/admin-manual/acl_permissions/# in the Micetro documentation.
Note: The Gateway admin group is intended for Gateway administrators, who will have administrative powers over user management, workflow management, and other system administration functions. The Gateway all group is automatically assigned to every Gateway user.
If a user should have the ability to view Micetro objects but not modify them, we recommend that you select only permissions starting with "Access" or "List" on IPAM, DNS, and DHCP. For example:
Micetro:
- Access IPAM module
- Access DNS module
- Access Workflow module
DNS services:
- List (or view) DNS server
DHCP services:
- List (or view) DHCP server
DNS zones:
- List (or view) zone
Ranges and DHCP scopes:
- List (or view) range
Address Spaces:
- List (or view) address space
When you're done, click Create.
To create a new user in Micetro who will authenticate through Gateway:
When setting up users for your system, you must create individual users in Micetro and assign to them one (or both) of the new roles, GW_admin or GW_all. Gateway will use the Micetro username for authentication, so it is functionally also the Gateway username.
To create a new Micetro/Gateway user:
- Log in to Micetro as an administrator user.
- Select the Admin tab, click the Configuration tab, then select Users in the filtering sidebar.
- Click Create. The Create user dialog box displays.
- In the General tab, enter the following:
  - In Username, enter the username that you want to use. This will also be the Gateway username.
  - In Authentication type, select Micetro.
  - In Password and Confirm Password, enter a new password for the user.
- In the Roles tab, select one of the GW_* roles that you created previously to assign it to this user.
  Note: Do not select more than one role. Gateway accepts only one assigned Micetro role/Gateway group per user and will consider it an error if more than one role/group is assigned.
- When you're done, click Create.
The new user is added to the Users list and can now use Micetro. Users can now log in to Gateway using the same username and password. They will be authenticated with the running Micetro instance and will have immediate access to certain workflows as well.
Repeat the above steps to create additional users assigned to the roles you desire.
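The role and user rules above (GW_<Gateway group> naming, the two mandatory roles, one mapped role per user as stated in the Note, and "Access"/"List"-only permissions for view-only roles) can be checked before users attempt to log in. The following is an added example, not code from Micetro or Gateway: the dict layout of the export, the audit function, and all sample group, role, user and non-page permission names are assumptions constructed for illustration.

```python
# Added example: audits a constructed export of Micetro roles and users against
# the rules on this page. The data layout is an assumption, not a Micetro format.
MANDATORY_ROLES = {"GW_admin", "GW_all"}
READ_ONLY_PREFIXES = ("Access", "List")


def audit(roles, users, gateway_groups, read_only_roles=()):
    """Return a sorted list of findings (strings); empty means compliant.

    roles: role name -> list of permission names
    users: username -> list of role names (only users meant to log in to Gateway)
    """
    findings = []
    gw_roles = {name for name in roles if name.startswith("GW_")}

    # The two mandatory roles must exist.
    for missing in MANDATORY_ROLES - gw_roles:
        findings.append(f"missing mandatory role {missing}")

    # Each GW_<group> role must name an existing Gateway group.
    for name in gw_roles:
        if name[len("GW_"):] not in gateway_groups:
            findings.append(f"role {name} maps to no Gateway group")

    # View-only roles should carry only "Access..." or "List..." permissions.
    for name in read_only_roles:
        for perm in roles.get(name, []):
            if not perm.startswith(READ_ONLY_PREFIXES):
                findings.append(f"read-only role {name} grants '{perm}'")

    # Gateway treats more than one mapped role per user as an error.
    for user, assigned in users.items():
        mapped = sorted(set(assigned) & gw_roles)
        if len(mapped) != 1:
            findings.append(f"user {user} has {len(mapped)} GW_ roles: {mapped}")
    return sorted(findings)


# Constructed sample data; names not listed on the page are hypothetical.
SAMPLE_GROUPS = {"admin", "all", "viewers"}
SAMPLE_ROLES = {
    "GW_admin": ["Access IPAM module", "Access Workflow module"],
    "GW_all": ["Access IPAM module"],
    "GW_viewers": ["Access DNS module", "List (or view) zone", "Edit zone (constructed)"],
    "GW_netops": ["Access DNS module"],
}
SAMPLE_USERS = {"alice": ["GW_admin"], "bob": ["GW_all", "GW_viewers"], "carol": []}

if __name__ == "__main__":
    for line in audit(SAMPLE_ROLES, SAMPLE_USERS, SAMPLE_GROUPS, ["GW_viewers"]):
        print(line)
```

On the sample data this reports the unmapped GW_netops role, the modify permission on the view-only role, and the two users whose mapped-role count is not exactly one.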