• All Files
Aruba Central Online Help
You are here: Home > Account Home > Managing Users and Roles > Configuring User Roles

Configuring User Roles

A role refers to a logical entity used for determining user access to devices and application services in Aruba Central. Users are always tagged to roles that govern the level of user access to the Aruba Central applications and services.

Access control for federated users is determined by the attributes set in the IdP.

Aruba Central supports a set of predefined roles with different privileges and access permissions. You can also configure custom roles.

Predefined User Roles

The Users and Roles page allows you to configure the following types of users with system-defined roles:

Table 1: Predefined User Roles

Application

User Role

Privilege

Account Home

 

 

admin

Administrator for the Account Home page. If there are common modules between Account Home and other app(s), the Account Home user role has higher precedence and the user is granted permission if the operation is initiated from the Account Home page.

readwrite

Can view and modify settings in the Account Home page and all Global Settings pages.

readonly

Can view the Account Home page and all Global Settings pages.

Network Operations

 

 

 

 

admin

Administrator for the Network Operations application. Has access to Account Home > Global Settings. This is applicable only if the Account Home role is not set or is not conflicting.

deny-access

Cannot view the Network Operations application.

guestoperator

Has guest operator access for the Network Operations application. User does not have access to Account Home > Global Settings.

readonly

Has read-only access to Account Home > Global Settings and the Network Operations application.

readwrite

Has read-write access to Account Home > Global Settings and the Network Operations application.

Has access to view and modify data using the Aruba Central UI or APIsApplication Programming Interface. Refers to a set of functions, procedures, protocols, and tools that enable users to build application software.. However, the user cannot execute APIs to:

Perform operations in the following pages:

  • Account Home > Users & Roles
  • Network Operations application > OrganizationLabels and Sites

Custom Roles

Along with the predefined user roles, Aruba Central also allows you to create custom roles with specific security requirements and access control. However, only users with the administrator role and privileges can create, modify, clone, or delete a custom role in Aruba Central.

With custom roles, you can configure access control at the application level and specify access rights to view or modify specific application services or modules. For example, you can create a custom role that allows access to a specific applications like Group Management or Network Management and assign it to a user.

MSP tenant account users cannot add, edit, or delete roles.

Adding a Custom Role

The following are the permissions that you can associate with a custom role:

  • User roles with Modify permission can perform add, edit, or delete actions within the specific module.
  • User roles with View Only permission can only view the specific module.
  • User roles with Block permission cannot view that particular module.

To add a custom role, complete the following steps:

  1. In the Account Home page, under Global Settings, click Users and Roles.

  2. Click the Roles tab.

  3. Click Add Role. The New Role window is displayed.

  4. Specify a name for the role.

  5. From the drop-down list, select one of the following:

    • Account Home—To manage access to devices and subscriptions in Aruba Central.Network Operations—To set permissions at the module level in the Network Operations application.

  6. For Network Management, you can set access rights at the module level. To set view or edit permissions or block the users from accessing a specific module, complete the following steps:

    1. Click Customize.

    2. Select one of the following options for each module as required:

      • View Only
      • Modify
      • Block
  7. Click Save.
  8. Assign the role to a user account as required.

Module Permissions

Aruba Central allows you to define user roles with view or modify permissions. You can also block user access to some modules. For example, if the Guest Access module is blocked for a specific user role, the corresponding pages are not displayed in the UI.

Aruba Central supports setting permissions for the following modules:

Table 2: Permissions

Application

Module

Description

Account Home

Devices and Subscription

Allows users to add devices and assign keys and subscriptions to devices.

Network Operations

 

 

 

 

 

 

Group Management

Allows users to create, view, modify, and delete groups and assign devices to groups.

Devices and Subscription

Allows users to add devices and assign subscriptions to devices.

Network Management

Allows users to configure, troubleshoot, and monitor Aruba Central-managed networks.

VisualRF

Allows user to access VisualRF and RFRadio Frequency. RF refers to the electromagnetic wave frequencies within a range of 3 kHz to 300 GHz, including the frequencies used for communications or Radar signals. heatmaps.

Unified Communications

Allows users to access the Unified Communications pages.

Reports

Allows users to view and create reports.

Other Applications

Allows users to access other applications modules such as notifications and Virtual Gateway deployment service.

Viewing User Role Details

To view the details of a user role, complete the following steps:

  1. In the Account Home page, under Global Settings, click Users and Roles.

  2. Click the Roles tab. The Roles tab displays the following information:

    • Role Name—Name of the user role.
    • Allowed Applications—The applications to which the users have access.
    • Assigned Users—Number of users assigned to a role.

Editing a User Role

To edit a user role, complete the following steps:

  1. In the Account Home page, under Global Settings, click Users and Roles.
  2. Click the Roles tab.
  3. In the List of Roles table, select the role and click the edit icon.
  4. In the Edit Role <"Rolename"> window, modify the permissions set for module(s).
  5. Click Save.

Deleting a User Role

To delete a user role, ensure that the role is not associated to any user and complete the following steps:

  1. In the Account Home page, under Global Settings, click Users and Roles.
  2. Click the Roles tab.
  3. In the List of Roles table, select the role and click the delete icon.
  4. Confirm role deletion in the Confirm Action dialog box.