Comment: Reverted from v. 16

...

Demonstrate opFlowSP Role Based Access Control (RBAC) feature.

Feature Description

opFlowSP defaults to Classic mode authorisation (see opCharts references to classic vs RBAC Authorisation). In Classic mode, the user's "group" list (from Users.nmis) is queried to check which Nodes (agents) the user is allowed to view.

RBAC mode allows fine-grained access rather than group-based access. For instance, service providers may want to allow customers to view flow statistics related to their specific interfaces, yet prevent them from viewing other customers' interfaces. This feature facilitates this functionality.

...

Code Block
/usr/local/omk/bin/oprbac_admin.exe act=create-object path=root,opflowsp,agent,<IP Address> read_privileges=<Privilege Tag>

 

Associate a Privilege Tag with a Role

...

Code Block
root@spflow:~# /usr/local/omk/bin/oprbac_admin.exe act=list-users  verbose=1
Name            Description             Roles           Properties              Privileges
CustomerA_NOC                           CustomerA
root@spflow:~# /usr/local/omk/bin/oprbac_admin.exe act=list-roles  verbose=1
Name            Description             Properties              Privileges
CustomerA                                               CustomerA_read
root@spflow:~# /usr/local/omk/bin/oprbac_admin.exe act=list-objects  verbose=1
Path            Description             Create          Read            Update          Delete
root,opflowsp,agent,10.10.1.1,interface,3                               N/A             CustomerA_read          N/A         N/A
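
The listings above form a chain: user, role, privilege tag, object read privilege. The following is an added example, not part of the original page or of opFlowSP: a small audit that resolves which object paths each user can read and flags configurations that would let one customer see another's interfaces. The data mirrors the listings; the CustomerB entries, the function names, exact path matching, and treating N/A as "no tag set" are assumptions made for illustration.

```python
# Added example. Constructed data modelled on the list-users, list-roles and
# list-objects output above; CustomerB rows are hypothetical.
USERS = {"CustomerA_NOC": ["CustomerA"], "CustomerB_NOC": ["CustomerB"]}
ROLES = {"CustomerA": ["CustomerA_read"], "CustomerB": ["CustomerB_read"]}
OBJECTS = {  # path -> read privilege tag ("N/A" assumed to mean none set)
    "root,opflowsp,agent,10.10.1.1,interface,3": "CustomerA_read",
    "root,opflowsp,agent,10.10.1.1,interface,4": "CustomerB_read",
    "root,opflowsp,agent,10.10.1.2,interface,1": "N/A",
}

def user_privileges(user, users=USERS, roles=ROLES):
    """Union of the privilege tags of every role assigned to the user."""
    tags = set()
    for role in users.get(user, []):
        tags.update(roles.get(role, []))
    return tags

def readable_objects(user, users=USERS, roles=ROLES, objects=OBJECTS):
    """Object paths whose read tag the user holds (exact path match only;
    whether opFlowSP inherits privileges down a path is not modelled)."""
    tags = user_privileges(user, users, roles)
    return sorted(p for p, tag in objects.items() if tag != "N/A" and tag in tags)

def audit(users=USERS, roles=ROLES, objects=OBJECTS):
    """Return findings that indicate cross-customer exposure or dead config."""
    findings, holders = [], {}
    for role, tags in roles.items():
        for tag in tags:
            holders.setdefault(tag, set()).add(role)
    # A tag held by several roles lets each of them read the same objects.
    for tag, held_by in sorted(holders.items()):
        if len(held_by) > 1:
            findings.append(f"tag {tag} is shared by roles {sorted(held_by)}")
    # A read tag no role holds means nobody can view that object.
    for path, tag in sorted(objects.items()):
        if tag != "N/A" and tag not in holders:
            findings.append(f"object {path} uses tag {tag} held by no role")
    # A user pointing at an undefined role silently gets no privileges.
    for user, assigned in sorted(users.items()):
        for role in assigned:
            if role not in roles:
                findings.append(f"user {user} references undefined role {role}")
    return findings

if __name__ == "__main__":
    for name in USERS:
        print(name, "->", readable_objects(name))
    print(audit() or "no findings")
```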