Role Based Access Control Overview
Junos Space supports authentication and authorization. A Junos Space super administrator or user administrator creates users and assigns roles (permissions) that allow users to access and manage the users, nodes, devices, services, and customers in Junos Space.
To access and manage Junos Space, a user must be assigned one or more roles, which are validated during authorization. The roles that an administrator assigns to a user control the workspace or workspaces the user can access and the tasks that can be performed on the objects that are managed within a workspace. A user with no role assignments cannot access any Junos Space workspace and is unable to perform tasks.
Authentication
Through authentication, Junos Space validates users based on password and other security services. Junos Space supports local user authentication only. Each user password is saved in the Junos Space database and is used to validate a user during login.
RBAC Enforcement
With RBAC enforcement, a Junos Space super administrator or user administrator controls the workspaces a user can access, the system resources users can view and manage, and the tasks available to a user within a workspace. RBAC is enforced in the Junos Space user interface navigation hierarchy by workspace, task group, and task. A user can only access those portions of the navigation hierarchy that are explicitly granted through access privileges. The following sections describe RBAC enforcement behavior at each level of the user interface navigation hierarchy.
Enforcement by Workspace
The Junos Space user interface provides a task-oriented environment in which collections of related user tasks are organized by workspace. For example, the Users workspace defines the group of tasks related to managing users and roles. Tasks include creating, modifying, and deleting users, and assigning roles. Enforcement by workspace ensures that a user can view only those workspaces that contain the tasks that the user has permissions to execute. For example, a user who is assigned the Device Manager role, which grants access privileges to all tasks in the Devices workspace, can access only the Devices workspace. No other workspaces are visible to this user unless other roles are assigned to this user.
RBAC Enforcement Not Supported for Getting Started Panel
RBAC enforcement is not enabled for the contents of the Getting Started panel. Consequently, a user who does not have certain access privileges can still view the steps displayed in the Getting Started panel. For example, a user without privileges to manage devices will still see the Discover Devices step. However, when the user clicks on the step, Junos Space displays an error to indicate that the user might not have permission to access the workspace or tasks to which the step is linked.

