Avaya Support Forums

bdholmes 08-15-2014 11:38 AM

IDE 9.01 RBAC feature
 
While the release notes say there is now an RBAC (roles based access control) for administrator access to the Ignition Server, I cannot find any documentation on how to configure a "monitor-admin" for example. How do I create such an ID and assign it a password?

rshaynes 08-18-2014 02:42 PM

How to Configure RBAC Basics
 
Under the new Configuration -> Administration option are three subtrees: "Dashboard Hosts", "Admin Access Policies" and "Admin Roles".

The "Admin Roles" is a read-only, default set of new RBAC access levels and you can individually look at what each privilege level provides or restricts access to.

The easiest is to create a user in the Internal User Store -- call that user "monitor1" with password "hallmonitor".

You then create or ensure a Directory Set exists that uses the "Internal User Store" for User Lookup Service/Authentication Service.

From here you create an "Admin Access Policy" just like Access Policies for RADIUS/MAC Authentication. The policy will require a rule. Based on the above internal user design, create a rule "If User.Authentication Service = Internal User Store AND User.user-id = monitor1 --> ALLOW assigning monitor-admin role".

You should then be able to log out of Dashboard and log back in with the monitor1/hallmonitor credentials you created above and now have monitor-only privileges.


This feature allows you to create policies to use any directory set or service you've defined for username lookup and authentication. As long as the policy rule you've set up is met, the user will be assigned the role you set for them.

rshaynes 08-18-2014 02:45 PM

Missing Info
 
Forgot to add that when creating the Admin Access Policy you must associate that policy with the Directory Set, per the example, tied to the Internal User Store.
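
An added example, not part of either post and not Avaya code: a small Python model of the rule rshaynes describes, showing why the rule tests the authentication service as well as the user-id. The first-match evaluation, the default-deny result and the second service "Example LDAP" are assumptions made for the model, not documented Ignition Server behaviour.

```python
from dataclasses import dataclass
from typing import Callable, Optional, Sequence

@dataclass(frozen=True)
class Login:
    user_id: str
    auth_service: str          # store that verified the password
    authenticated: bool = True

@dataclass(frozen=True)
class Rule:
    condition: Callable[[Login], bool]
    role: str

@dataclass(frozen=True)
class AdminAccessPolicy:
    directory_set: Sequence[str]   # services in the associated Directory Set
    rules: Sequence[Rule]

    def role_for(self, login: Login) -> Optional[str]:
        # Modelling assumptions: first matching rule wins, no match means no access.
        if not login.authenticated or login.auth_service not in self.directory_set:
            return None
        for rule in self.rules:
            if rule.condition(login):
                return rule.role
        return None

INTERNAL = "Internal User Store"
OTHER = "Example LDAP"   # hypothetical second service, not from the thread

# Rule as written in the post: authentication service AND user-id.
strict = Rule(lambda x: x.auth_service == INTERNAL and x.user_id == "monitor1",
              "monitor-admin")
# Looser variant for comparison: user-id only.
loose = Rule(lambda x: x.user_id == "monitor1", "monitor-admin")

def compare():
    # Constructed logins, evaluated against a Directory Set holding both services.
    directory_set = (INTERNAL, OTHER)
    logins = {
        "internal monitor1": Login("monitor1", INTERNAL),
        "ldap monitor1": Login("monitor1", OTHER),
        "internal other user": Login("admin2", INTERNAL),
        "bad password": Login("monitor1", INTERNAL, authenticated=False),
    }
    out = {}
    for name, rule in (("strict", strict), ("loose", loose)):
        policy = AdminAccessPolicy(directory_set, (rule,))
        out[name] = {k: policy.role_for(v) for k, v in logins.items()}
    return out
```

In this model the user-id-only rule also hands monitor-admin to a same-named account in the second service, which is the case the two-part condition excludes.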

bdholmes 08-28-2014 07:11 AM

Thank You
 
Thanks for the tip. Works like a charm!


All times are GMT -7.