ON THIS PAGE
User/Role Management (Platform)
User Profile Management
User profiles include the following details and options:
- Username
- First Name (optional)
- Last Name (optional)
- Email (optional)
- Password
- Roles
From the left navigation menu in the Apstra GUI, navigate to Platform > User Management > Users to go to user profiles.
User Role Management
Users with the administrator role can create, clone, edit and delete user roles (which are assigned to user profiles). These roles can also be mapped to external groups used by authentication providers such as LDAP, Active Directory, TACACS+, and RADIUS.
With Enhanced Role Based Access Control, you can create blueprint-specific roles with very specific privileges allowing limited control to associated users. This allows you to create more hierarchical roles and protect against accidental changes to the network.
The blueprint locking feature prevents restricted users (based on their roles) from making changes that effectively are not permitted. In particular, a restricted user should not be able to commit changes made by another user.
A blueprint with no uncommitted changes is considered “unlocked”.
If you have permission (based on the your assigned roles) to create/update/delete virtual networks, and another user has made uncommitted changes to the blueprint. The blueprint is considered "locked", and you will not be able to create/update/delete virtual networks until the changes are committed or reverted by the "locking user" who made the uncommitted changes, unless you are the locking user.
If you have permission (based on your assigned roles) the name of the user who created the pending changes is displayed.
An admin user who has "Write/Commit Blueprints" permissions can make any changes to, apply changes for, revert changes for any blueprint.
User roles include the following details and options:
Parameter | Description |
---|---|
Name | role name |
Type | global permission or per-blueprint permissions |
Global Permissions (read, write, commit, as applicable) |
|
Per-Blueprint Permissions |
|
From the left navigation menu, navigate to Platform > User Management > Roles to go to user roles. You can create, clone, edit, and delete user roles, except for the four predefined user roles (administrator, device_ztp, user, viewer) which cannot be modified.