Configuring Users to Manage Objects in Junos Space Overview
Junos Space Network Management Platform is shipped with a Super Administrator privilege level that provides full access to the Junos Space system. When you first log in to Junos Space Network Management Platform as the default Super Administrator, you can perform all tasks and access all Junos Space system resources. The Super Administrator can create users and assign roles to those users to specify which workspaces and system resources the users can access and manage, and which tasks the users can perform within each workspace.
After you first set up Junos Space Network Management Platform, you can disable the default Super Administrator user ID, if necessary. However, before doing so, you should first create another user with Super Administrator privileges.
To access and manage Junos Space system resources, a user must be assigned at least one role. A role defines the tasks (create, modify, delete) that can be performed on the objects (devices, users, roles, configlets, scripts, services, customers) that Junos Space Network Management Platform manages. For more information about roles, see Roles Overview.
Users receive permission to perform tasks only through the roles that they are assigned. In most cases, a single role assignment enables a user to view and to perform tasks on the objects within a workspace. For example, a user assigned the Device Manager role can discover devices, resynchronize devices, view the physical inventory and interfaces for devices, and delete managed devices. A user that is assigned the User Administrator role can create, modify, and delete other users in Junos Space, and assign and remove roles.
If you modify a role that is assigned to a user while the user is logged in, the change takes effect only when the user initiates another session. Changes to a role do not affect existing user sessions. This applies to both API and GUI user sessions.
Typically, a role contains one or more task groups. A task group provides a mechanism for grouping a set of related tasks that can be performed on a specific object.
You can assign multiple roles to a single user, and multiple users can be assigned the same role.
User-Specific Idle Timeout
From Junos Space Platform Release 17.1R1 onward, you can specify a user-specific idle timeout value (the period of inactivity after which the user session expires) when you create or modify a user account.
Only users who have the Super Administrator or User Administrator role, or who have permissions to create or modify user accounts, can configure user accounts.
You can specify a value in the range of 0 through 480 minutes in the Automatic logout after inactivity (minutes) field of the Create User page or the Modify User page. If you set the idle timeout value to 0, the user session never expires. By default, the user-specific idle timeout value is set to the Automatic logout after inactivity (minutes) value configured in the User Settings section of the Administration > Application Settings page.
If a user has multiple GUI sessions open, only those sessions that exceed the value configured for Automatic logout after inactivity (minutes) expire.
If you modify the Automatic logout after inactivity (minutes) setting for a user account on the Modify User page while the user has GUI sessions open, those sessions continue to use the previously configured idle timeout value. The new value applies only to sessions that the user opens after you modify the idle timeout setting.
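The following Python model is an added example, not Juniper code. It applies the idle timeout rules above to find live sessions that still run on an older timeout and users whose sessions never expire. The data layout, names, clock values and sample accounts are constructed for illustration and do not correspond to any Junos Space export or API.

```python
from dataclasses import dataclass
from typing import Optional

MAX_IDLE = 480  # documented range is 0 through 480 minutes


def effective_timeout(user_value: Optional[int], global_value: int) -> int:
    """Per-user value if set, else the global Application Settings value."""
    value = global_value if user_value is None else user_value
    if not 0 <= value <= MAX_IDLE:
        raise ValueError(f"idle timeout {value} is outside 0-{MAX_IDLE} minutes")
    return value


@dataclass
class Session:
    user: str
    last_activity: int  # minutes on a constructed clock
    timeout: int        # value in force when the session was opened

    def expired(self, now: int) -> bool:
        # 0 disables idle expiry; otherwise expire once idle time exceeds the value
        return self.timeout != 0 and now - self.last_activity > self.timeout


def audit(sessions, current, now):
    """Return (live sessions on an older timeout, users with never-expiring sessions)."""
    live = [s for s in sessions if not s.expired(now)]
    stale = [s for s in live if s.timeout != current[s.user]]
    never = sorted({s.user for s in live if s.timeout == 0})
    return stale, never


def demo():
    # Constructed sample: global default 30; carol was lowered from 120 to 15
    # after her first session was opened.
    current = {"alice": effective_timeout(None, 30),
               "bob": effective_timeout(0, 30),
               "carol": effective_timeout(15, 30)}
    sessions = [Session("alice", 120, 30),
                Session("bob", 0, 0),
                Session("carol", 100, 120),   # opened before the change
                Session("carol", 112, 15)]    # opened after the change
    return audit(sessions, current, now=130)


if __name__ == "__main__":
    stale, never = demo()
    print("stale:", [(s.user, s.timeout) for s in stale], "never expire:", never)
```

In the sample, carol's older session stays alive on the 120-minute value even though her account now specifies 15 minutes, and bob's session with a value of 0 is still open after 130 idle minutes.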