• All Files
doc title Help Center
You are here: Home > Getting Started with Aruba Central (on-premises) > Configuring User Roles

Configuring User Roles

A role refers to a logical entity used for determining user access to devices and application services in Aruba Central. Users are always tagged to roles that govern the level of user access to the Aruba Central applications and services.

Aruba Central supports a set of predefined roles with different privileges and access permissions. You can also configure custom roles.

Predefined User Roles

The Users and Roles page allows you to configure the following types of users with system-defined roles:

Table 1: Predefined User Roles

Application

User Role

Privilege

Account Settings

 

 

admin

Administrator for the Account Home page.

readwrite

Can view and modify settings in the Account Home page and all Global Settings pages.

readonly

Can view the Account Home page and all Global Settings pages.

Network Operations

 

 

 

 

admin

Administrator for the Account Home page.

deny-access

Cannot view the Network Operations application.

readonly

Can view all pages in the Network Operations application.

readwrite

Has access to view and modify data using the Aruba Central UI or APIsApplication Programming Interface. Refers to a set of functions, procedures, protocols, and tools that enable users to build application software.. However, the user cannot execute APIs to:

Perform operations in the following pages:

Account Home > Users and Roles

Network Operations application > OrganizationSites and Labels

Custom Roles

Along with the predefined user roles, Aruba Central also allows you to create custom roles with specific security requirements and access control. However, only users with the administrator role and privileges can create, modify, clone, or delete a custom role in Aruba Central.

With custom roles, you can configure access control at the application level and specify access rights to view or modify specific application services or modules. For example, you can create a custom role that allows access to a specific applications like Network Management and assign it to a user.

Adding a Custom Role

The following are the permissions that you can associate with a custom role:

User roles with Modify permission can perform add, edit, or delete actions within the specific module.

User roles with View Only permission can only view the specific module.

User roles with Block permission cannot view that particular module.

To add a custom role, complete the following steps:

1. In the Account Home page, under Global Settings, click Users and Roles.

2. Click the Roles tab.

3. Click Add Role. The New Role window is displayed.

4. Specify a name for the role.

5. From the drop-down list, select one of the following:

Account Home—To manage access to devices and subscriptions in Aruba Central.

Network Operations—To set permissions at the module level in the Network Operations application.

6. Click Save.

7. Assign the role to a user account as required.

Module Permissions

Aruba Central allows you to define user roles with view or modify permissions. You can also block user access to some modules.

Aruba Central supports setting permissions for the following modules:

Table 2: Permissions

Application

Module

Description

Account Home

Devices and Subscription

Allows users to add devices and assign keys and subscriptions to devices.

Network Operations

Group Management

Allows users to create, view, modify, and delete groups and assign devices to groups.

Devices and Subscription

Allows users to add devices and assign subscriptions to devices.

Network Management

Allows users to configure, troubleshoot, and monitor Aruba Central-managed networks.

VisualRF

Allows user to access VisualRF and RFRadio Frequency. RF refers to the electromagnetic wave frequencies within a range of 3 kHz to 300 GHz, including the frequencies used for communications or Radar signals. heatmaps.

Unified Communications

Allows users to access the Unified Communications pages.

Reports

Allows users to view and create reports.

Viewing User Role Details

To view the details of a user role, complete the following steps:

1. In the Account Home page, under Global Settings, click Users and Roles.

2. Click the Roles tab. The Roles tab displays the following information:

Role Name—Name of the user role.

Allowed Applications—The applications to which the users have access.

Assigned Users—Number of users assigned to a role.

Editing a User Role

To edit a user role, complete the following steps:

1. In the Account Home page, under Global Settings, click Users and Roles.

2. Click the Roles tab.

3. In the List of Roles table, select the role and click the edit icon.

4. In the Edit Role <"Rolename"> window, modify the permissions set for module(s).

5. Click Save.

Deleting a User Role

To delete a user role, ensure that the role is not associated to any user and complete the following steps:

1. In the Account Home page, under Global Settings, click Users and Roles.

2. Click the Roles tab.

3. In the List of Roles table, select the role and click the delete icon.

4. Confirm role deletion in the Confirm Action dialog box.

/*]]>*/