Flexibility in account roles and limitations

Consider we have 100 nodes For a particular account X they need manage node (Admin) access for 1 to 50 nodes and ready only access for 51 to 100 nodes. Can it will achiveable?? Using a single account?? Not by two account

Find more posts tagged with

account

permission

role

Accepted answers

All comments

mrxinu

You can use an account limitation to lock a user into a subset of your devices. That prevents them from accessing any of the other devices. The full-access to device group A and read-only access to device group B concept isn't supported. You would have to create four separate accounts - full-access to group A, full-access to group B, read-only to group A, and read-only to group B.

rajasekar

I need to do this using single account only.
Can I add a account as AD account and windows account then I can apply read-only to all for AD and Admin account for windows with limitation???

mrxinu

No. When you use an account limitation you can think of it as a filter - whatever devices you're limiting to are the only ones that user will be able to see with whatever permissions that user has.

For example, if you limit a user to Cisco devices only and they have the node managment permission, they'll be able to manage all those nodes. They won't be able to see any non-Cisco devices.

mesverrum

I was just discussing with a PM the other day how much of a problem the existing permission scheme is for people. They do KNOW how to build granular permission structures, they did it for IPAM. Wish they would take inspiration and apply it to the whole platform.