...
This is accomplished via the CLI. Objects are assigned a 'Privilege Tag'. These tags are latter associated with Roles; thus enabling users assigned to that Role to view them. The 'Privilege Tag' provides a lot of granularity.
The An object in this case example is a specific interface on a network device.
...
- IP Address: The IP address that the network device uses to source flow data.
- SNMP IF Number: This is the SNMP index number of the interface in question.
- Privilege Tag: This tag is user defined and will be assigned to a role.
It's possible to set a privilege tag for an entire node by simply not adding the interface information. This would allow all the interfaces for a particular node to be viewed; for example:
| Code Block |
|---|
/usr/local/omk/bin/oprbac_admin.exe act=create-object path=root,opflowsp,agent,<IP Address> read_privileges=<Privilege Tag> |
Associate a Privilege Tag with a Role
...
- Role Name: The role that the user is assigned to.
- Privilege Tag: The privilege tag that is associated with the previously defined interface object that the user is allowed to view.
...