Updated on 2022-04-02 GMT+08:00

Creating a Role and Granting Permissions

Prerequisites

You have logged in to the NetEco as a security administrator.

Context

  • If only a few roles are required, create them one by one.
  • If multiple roles are required or the roles are obtained from the files exported from other systems, create roles in batches.

Procedure

  • Creating a single role
  1. Choose System > System Management > User Management from the main menu.
  2. In the navigation pane, choose Roles.
  3. On the Roles page, click Create.

    You can quickly create a role by clicking Copy in the Operation column of a role and adjusting the information as required.

  4. On the displayed page, set basic role information.
  5. Select the users to be attached to the role.

    After role authorization is complete, the users you have selected have the permissions included in this role.

  6. Click Next and select the managed objects included in the role based on the authorization plan.

    • All Objects: shows all the resources that can be managed by the system. It is the default managed object provided by the system and cannot be modified or deleted.
    • Subnets: shows all the subnets that can be managed by the system. If a subnet is selected for a user, this user can manage the subnet and all its managed objects, including devices and subnets.
    • Devices: If a user needs to manage specified devices, you can grant permissions by device.
    • Resource Groups: If a resource group is selected for a role, this role can manage all the resources in the group. Resources are grouped by resource type using Resource Groups.

  7. Click Next. Based on the authorization plan for application-level operation rights and device-level operation rights of the role, set application-level operation rights of the role on the Application-Level tab page and set device-level operation rights for each managed object included in the role on the Device-Level tab page.

    When setting device-level operation rights, select a managed object first. The device operations that can be bound to the managed object are displayed in the Operations list box. Then, you can select the device operations to be authorized.

  8. Click OK.
  • Creating roles in batches
  1. Choose System > System Management > User Management from the main menu.
  2. In the navigation pane, choose Roles.
  3. On the Roles page, click and choose Batch Create Roles.
  4. On the Batch Create Roles page, click a template name to download the template.

    The system provides two template formats: Role Template.xls and Role Template.xlsx, and you can edit the template in .csv format. Select a template format as required.

  5. Fill in role information based on the template.
  6. Click . In the displayed dialog box, select the edited template.
  7. Click Create.

    After roles are imported, you can perform the following operations:

    1. On the displayed page, view the number of successfully imported roles and the number of roles that fail to be imported.
    2. In the Result list, view the imported roles and their details.
    3. If a partial failure occurs, modify the role information that failed to be imported based on the details, and import it again.

  8. Click OK.
  9. Assign permissions to the roles created in batches based on the authorization plan.

    1. On the Roles page, click a role name.
    2. On the Managed Objects or Operation Rights tab page, click Edit, and assign permissions to the role.

Follow-up Procedure

If a user logs in to a third-party system in SSO mode, role information (excluding operation rights) about this user can be synchronized to the third-party system. To ensure that this user has the same operation rights on the third-party system as those on the system, create the same role for the user on the third-party system and bind the same operation rights to the role.
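Because operation rights are not synchronized, the rights bound to a role on the third-party system can drift from those on the NetEco. The following check is an added example, not part of the product or its documentation: it compares per-role operation rights and reports missing roles, excess rights, and missing rights. The input shape (a mapping of role name to operation rights) and every role and operation name in it are constructed assumptions, since the page shows no export format for either system.

```python
# Added example: compares per-role operation rights between two systems.
# The dict-of-sets input shape and all role/right names are constructed
# for illustration; neither system's real export format is shown on the page.

def rights_drift(source_roles, target_roles):
    """Return findings for every role whose rights differ on the target.

    source_roles / target_roles: {role_name: iterable of operation rights}.
    Role names are compared exactly, because SSO synchronizes the role
    itself but not its operation rights.
    """
    findings = []
    for role in sorted(source_roles):
        expected = set(source_roles[role])
        if role not in target_roles:
            findings.append({"role": role, "issue": "role_missing_on_target",
                             "rights": sorted(expected)})
            continue
        actual = set(target_roles[role])
        excess = actual - expected    # target grants more than the source
        missing = expected - actual   # target grants less than the source
        if excess:
            findings.append({"role": role, "issue": "excess_rights_on_target",
                             "rights": sorted(excess)})
        if missing:
            findings.append({"role": role, "issue": "missing_rights_on_target",
                             "rights": sorted(missing)})
    return findings


# Constructed sample data (hypothetical role and operation names).
NETECO_ROLES = {
    "site-operator": {"view_alarms", "acknowledge_alarms"},
    "site-engineer": {"view_alarms", "modify_device_config"},
    "auditor": {"view_logs"},
}
THIRD_PARTY_ROLES = {
    "site-operator": {"view_alarms", "acknowledge_alarms", "modify_device_config"},
    "site-engineer": {"view_alarms"},
}

if __name__ == "__main__":
    for f in rights_drift(NETECO_ROLES, THIRD_PARTY_ROLES):
        print(f"{f['role']}: {f['issue']} -> {', '.join(f['rights'])}")
```

An excess_rights_on_target finding means the user gains operations through SSO that the authorization plan never granted, so resolve those first.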

Related Tasks

For details about how to maintain role information, see Common Operations for Role Information Maintenance.