cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post

Firmware upgrades access for non-admin users

Firmware upgrades access for non-admin users

Currently, the Firmware upgrade feature requires full Orion admin access besides NCM admin. This seems a bit excessive since Orion admins should be able to delegate these tasks to Network Engineers for example and since this is by no means an administrative task related to the Orion platform.


Just to give you a brief insight: we have 2000+ devices in SolarWInds (mostly network devices and mostly monitored by NCM as well) spread across hundreds of locations across the world and supported by various teams. The SolarWinds admins team consists of two people. It would be nice to be able to grant other people access to do firmware upgrades without granting full Orion admin access (which is absurd in the first place).

10 Comments
Level 8

The ability to allow NCM administrator and NCM engineer roles to access the firmware upgrade module is imperative for us as we only allow full Solarwinds Admin access for the small team of Orion Platform administrators as segregation of duties and control.  Network administrators with elevated NCM role access should have full access to all NCM management features. 

Level 11

Exactly! I cannot understand how SolarWinds expect you to grant full admin access to anyone who upgrades device firmware.

Level 7

Precisely!

Level 9

I think my request can be merged with this one, it concerns the same topic - non-admin users should be allowed to do firmware upgrades on devices or a subset of devices.

https://thwack.solarwinds.com/t5/NCM-Feature-Requests/Delegate-firmware-upgrades-to-users-e-g-junior...

My organization almost have the same setup as this request's creator. 2 NCM admins, 1.700+ network devices, one network team/person in each country/region responsible for devices in that country/region. Today either all network teams must be admins in NCM or the 2 NCM admins must perform the firmware upgrade. None of these options are attractive.

Level 11

@kristofer looks like they already implemented the feature in the latest RC:

https://thwack.solarwinds.com/t5/NCM-Documents/Introducing-the-NCM-2020-2-Release-Candidate/ta-p/590... 

Security Changes

Previously only Orion Admins with NCM Administrator role were allowed to run Firmware upgrade operations. Now any NCM user with NCM WebUploader role or higher is able to run upgrade.  (Orion Admin rights with NCM Administrator role is still required to manage firmware upgrade templates.)

 

Although, I could not find any mention of the feature on the SolarWinds website:

https://documentation.solarwinds.com/en/Success_Center/ncm/Content/Release_Notes/NCM_2020-2_release_... 

We'll see.

 

Level 9

@ioan_bucsa 
Sounds promising! 🙂

Product Manager
Product Manager
Level 11

I am testing 2020.2RC, but having trouble updating IOS with parallel process as you describ in 2020.2 would be possilbe

NCM detects parallel upgrade templates by checking for the presence of the ${SubFolder} macro for the backup and upload image commands.

Question: you write: Use ${SubFolder} macro for the backup and upgrade commands instead of hardcoding subfolder names. NCM will resolve that macro to a unique subfolder automatically as well as automatically create that subfolder on the TFTP server.

if NCM will resolve subfolder automatically, where do i need to PUT the image.ios File on my TFTP Server?

TFTP://root/automatically-SubFolder/image.ios ?

 

best regards from a test-user 2020.2RC

Level 9

@ioan_bucsa

YES! I can confirm that firmware upgrades now works (in 2020.2 RC) when you only have the WebUploader role. It also only applies for devices which the user/group is limited to (in my case I use System Location). 🙂

Level 11

🎉🎉🎉

Good to hear that! I have not done the upgrade just yet, waiting on GA.