Internal Errigal Collaboration Wiki

User Tools

Site Tools

Trace: creating_a_new_alert
onboarding:snmpmanager:add_new_role_in_the_snmp_manager

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
onboarding:snmpmanager:add_new_role_in_the_snmp_manager [2017/12/19 14:58] – created mmcconboarding:snmpmanager:add_new_role_in_the_snmp_manager [2021/06/25 10:09] (current) – external edit 127.0.0.1
Line 1: Line 1:
 +====== Troubleshooting - Add a new role in the SNMP Manager ======
  
 +Author: Michelle McCausland
 +
 +===== Example Support Request =====
 +//Example support ticket - CCSUPPORT-2039//
 +
 +<code> Can we find out from Errigal how we can give our NOMS access to “Node Information” in SNMP manager without giving them the role of “NOC User” in Global Admin/SNMP manager?
 +We’ll have other users using this new role besides NOMs. Could we name the new role Query Only? 
 +It should not be tied to any carrier visibilities by default, we need the ability to select what markets they are able to access.
 +Just to add, we would like a role that would allow users to search/view the information only, no editing/delete functions.
 +</code>
 +
 +----
 +
 +===== Solution =====
 +
 +**Relevant tables** - shiro_user, shiro_role, shiro_role_permissions
 +
 +  * Each user can have a shiro_role.
 +  * Each shiro_role can have shiro_permissions.
 +  * The shiro_role_permissions domain contains a string which determines an allowed action/view
 +  * Review what permissions exist currently with a role to familiarize yourself with this.
 +
 +Hint - to determine some of these permission strings to add to a role, it is useful to hover over the link to the resource you are trying to access and by looking at the bottom of the screen at the url:
 +
 +{{ :onboarding:snmpmanager:role.png?nolink |}}
 +
 +Other permissions require looking at the code base in order to determine.
 +
 +This process is trial and error and any role modifications should be thoroughly tested before deploying to production.
 +
 +To create an **SNMP Manager - Read Only** role, the following queries were executed:
 +
 +<code>
 +INSERT INTO shiro_role_permissions VALUES(13,"knowledge:index");
 +INSERT INTO shiro_role_permissions VALUES(13,"networkElement:hubAutoCompleteAction");
 +INSERT INTO shiro_role_permissions VALUES(13,"networkElement:nodeAutoCompleteAction");
 +INSERT INTO shiro_role_permissions VALUES(13,"knowledge:showElement");
 +INSERT INTO shiro_role_permissions VALUES(13,"dasHub:show");
 +INSERT INTO shiro_role_permissions VALUES(13,"dasNode:show");
 +INSERT INTO shiro_role_permissions VALUES(13,"networkElement:show");
 +INSERT INTO shiro_role_permissions VALUES(13,"networkElement:showWithContacts");
 +INSERT INTO shiro_role_permissions VALUES(13,"knowledge:networkElementSearch");
 +INSERT INTO shiro_role_permissions VALUES(13,"knowledge:responsibilityDataTable");
 +INSERT INTO shiro_role_permissions VALUES(13,"knowledge:globalSearch");
 +</code>
 +
 +----
 +
 +To create an **Node Monitor - Read Only** role, the following queries were executed:
 +
 +<code>
 +INSERT INTO shiro_role_permissions VALUES(14,"knowledge:showElement");
 +INSERT INTO shiro_role_permissions VALUES(14,"networkElement:showWithContacts");
 +INSERT INTO shiro_role_permissions VALUES(14,"knowledge:responsibilityDataTable");
 +INSERT INTO shiro_role_permissions VALUES(14,"dasHub:show");
 +INSERT INTO shiro_role_permissions VALUES(14,"dasNode:show");
 +INSERT INTO shiro_role_permissions VALUES(14,"networkElement:show");
 +INSERT INTO shiro_role_permissions VALUES(14,"gwt");
 +INSERT INTO shiro_role_permissions VALUES(14,"nodeMonitor");
 +</code>

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki