====== Troubleshooting - Add a new role in the SNMP Manager ======

Author: Michelle McCausland

===== Example Support Request =====
//Example support ticket - CCSUPPORT-2039//

<code> Can we find out from Errigal how we can give our NOMS access to “Node Information” in SNMP manager without giving them the role of “NOC User” in Global Admin/SNMP manager?
We’ll have other users using this new role besides NOMs. Could we name the new role Query Only? 
It should not be tied to any carrier visibilities by default, we need the ability to select what markets they are able to access.
Just to add, we would like a role that would allow users to search/view the information only, no editing/delete functions.
</code>

----

===== Solution =====

**Relevant tables** - shiro_user, shiro_role, shiro_role_permissions

  * Each user can have a shiro_role.
  * Each shiro_role can have shiro_permissions.
  * The shiro_role_permissions domain contains a string which determines an allowed action/view
  * Review what permissions exist currently with a role to familiarize yourself with this.

Hint - to determine some of these permission strings to add to a role, it is useful to hover over the link to the resource you are trying to access and by looking at the bottom of the screen at the url:

{{ :onboarding:snmpmanager:role.png?nolink |}}

Other permissions require looking at the code base in order to determine.

This process is trial and error and any role modifications should be thoroughly tested before deploying to production.

To create an **SNMP Manager - Read Only** role, the following queries were executed:

<code>
INSERT INTO shiro_role_permissions VALUES(13,"knowledge:index");
INSERT INTO shiro_role_permissions VALUES(13,"networkElement:hubAutoCompleteAction");
INSERT INTO shiro_role_permissions VALUES(13,"networkElement:nodeAutoCompleteAction");
INSERT INTO shiro_role_permissions VALUES(13,"knowledge:showElement");
INSERT INTO shiro_role_permissions VALUES(13,"dasHub:show");
INSERT INTO shiro_role_permissions VALUES(13,"dasNode:show");
INSERT INTO shiro_role_permissions VALUES(13,"networkElement:show");
INSERT INTO shiro_role_permissions VALUES(13,"networkElement:showWithContacts");
INSERT INTO shiro_role_permissions VALUES(13,"knowledge:networkElementSearch");
INSERT INTO shiro_role_permissions VALUES(13,"knowledge:responsibilityDataTable");
INSERT INTO shiro_role_permissions VALUES(13,"knowledge:globalSearch");
</code>

----

To create an **Node Monitor - Read Only** role, the following queries were executed:

<code>
INSERT INTO shiro_role_permissions VALUES(14,"knowledge:showElement");
INSERT INTO shiro_role_permissions VALUES(14,"networkElement:showWithContacts");
INSERT INTO shiro_role_permissions VALUES(14,"knowledge:responsibilityDataTable");
INSERT INTO shiro_role_permissions VALUES(14,"dasHub:show");
INSERT INTO shiro_role_permissions VALUES(14,"dasNode:show");
INSERT INTO shiro_role_permissions VALUES(14,"networkElement:show");
INSERT INTO shiro_role_permissions VALUES(14,"gwt");
INSERT INTO shiro_role_permissions VALUES(14,"nodeMonitor");
</code>