Avaya Support Forums  

  #1  
08-15-2014, 11:38 AM
bdholmes
Question IDE 9.01 RBAC feature

While the release notes say there is now RBAC (role-based access control) for administrator access to the Ignition Server, I cannot find any documentation on how to configure a "monitor-admin", for example. How do I create such an ID and assign it a password?
  #2  
08-18-2014, 02:42 PM
rshaynes
How to Configure RBAC Basics

Under the new Configuration -> Administration option are three subtrees: "Dashboard Hosts", "Admin Access Policies" and "Admin Roles".

"Admin Roles" is a read-only, default set of new RBAC access levels, and you can individually look at what each privilege level provides or restricts access to.

The easiest way is to create a user in the Internal User Store -- call that user "monitor1" with password "hallmonitor".

You then create or ensure a Directory Set exists that uses the "Internal User Store" for User Lookup Service/Authentication Service.

From here you create an "Admin Access Policy" just like Access Policies for RADIUS/MAC Authentication. The policy will require a rule. Based on the above internal user design, create a rule "If User.Authentication Service = Internal User Store AND User.user-id = monitor1 --> ALLOW assigning monitor-admin role".

You should then be able to log out of Dashboard and log back in with the monitor1/hallmonitor credentials you created above and now have monitor-only privileges.


This feature allows you to create policies to use any directory set or service you've defined for username lookup and authentication. As long as the policy rule you've set up is met, the user will be assigned the role you set for them.
  #3  
08-18-2014, 02:45 PM
rshaynes
Missing Info

Forgot to add that when creating the Admin Access Policy you must associate that policy with the Directory Set, per the example, tied to the Internal User Store.
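Added example, not part of the original posts and not Ignition Server code: a small Python model of the rule from post #2, showing why it pairs the User.user-id check with the User.Authentication Service check. First-match evaluation, no role when nothing matches, and the second service name "Corp LDAP" are assumptions of the model.

```python
# Illustrative model only; not Ignition Server code.
from dataclasses import dataclass
from typing import Optional

INTERNAL = "Internal User Store"   # service name from the thread
OTHER = "Corp LDAP"                # hypothetical second authentication service

@dataclass(frozen=True)
class Login:
    user_id: str
    auth_service: str              # service that actually verified the password

@dataclass(frozen=True)
class Rule:
    name: str
    role: str
    user_id: str
    auth_service: Optional[str] = None   # None = condition left out of the rule

    def matches(self, login: Login) -> bool:
        if login.user_id != self.user_id:
            return False
        return self.auth_service is None or login.auth_service == self.auth_service

def assign_role(rules, login):
    """Assumed semantics: first matching rule wins, no match means no admin role."""
    for rule in rules:
        if rule.matches(login):
            return rule.role
    return None

def rules_missing_service_binding(rules):
    """Audit helper: names of rules that grant a role on user-id alone."""
    return [r.name for r in rules if r.auth_service is None]

# Rule as written in the thread, and a looser variant for comparison.
THREAD_RULE = Rule("monitor-rule", "monitor-admin", "monitor1", INTERNAL)
LOOSE_RULE = Rule("monitor-rule-loose", "monitor-admin", "monitor1")

# Constructed logins: same user-id, verified by different services.
internal_login = Login("monitor1", INTERNAL)
other_login = Login("monitor1", OTHER)

if __name__ == "__main__":
    for rules in ([THREAD_RULE], [LOOSE_RULE]):
        print([r.name for r in rules],
              assign_role(rules, internal_login),
              assign_role(rules, other_login),
              rules_missing_service_binding(rules))
```

In this model the thread's rule gives monitor-admin only to the monitor1 verified by the Internal User Store, while the variant without the service condition gives it to any monitor1 the directory set can authenticate.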
  #4  
08-28-2014, 07:11 AM
bdholmes
Solution Confirmed Thank You

Thanks for the tip. Works like a charm!
__________________
Brian Holmes

Network Architect
Fiat Chrysler Automobiles

Tags
ide, identity, ignition, rbac

All times are GMT -7.