Updated on 2022-02-21 GMT+08:00

Creating a Role in a Region and Granting Permissions

Prerequisites

You have logged in to the NetEco as a region administrator.

Context

  • If only a few roles are required in a region, create them one by one.
  • If multiple roles are required in a region or the roles are obtained from the files exported from other systems, create roles in batches.
  • The operations in this section will change user permissions. Exercise caution when performing these operations.

Procedure

  • Creating a common role in a region
  1. Choose System > System Management > User Management from the main menu.
  2. In the navigation pane, choose Roles.
  3. On the Roles page, click Create.

    You can quickly create a role by clicking Copy in the Operation column of a role and adjusting the information as required.

  4. On the displayed page, enter the basic role information, select users to be attached to the role, and click Next.

    If a user has been attached to a regional administrator role, you cannot attach this user to a common role.

  5. Select the managed objects included in the role based on the role plan during authorization planning.

    • All Objects: shows all the resources that can be managed by the system. It is the default managed object provided by the system and cannot be modified or deleted.
    • Subnets: shows all the subnets that can be managed by the system. If a subnet is selected for a user, this user can manage the subnet and all its managed objects, including devices and subnets.

  6. Based on the authorization plan for application-level operation rights and device-level operation rights of the role, set application-level operation rights of the role on the Application-Level tab page and set device-level operation rights for each managed object included in the role on the Device-Level tab page.

    When you set device-level operation rights for a managed object, select the managed object first and then select the device operation sets to be bound to the object. After you select a managed object, device operation sets that can be bound to the object are listed in Operations.

    Roles in regions can only be authorized by operation set. For details about how to create an operation set in a region, see Creating Operation Sets in a Region As Planned.

  7. Confirm role information and click OK.
  • Creating common roles in a region
  1. Choose System > System Management > User Management from the main menu.
  2. In the navigation pane, choose Roles.
  3. On the Roles page, click and choose Batch Create Roles.
  4. On the Batch Create Roles page, click a template name to download the template.

    The system provides two template formats: Role Template.xls and Role Template.xlsx, and you can edit the template in .csv format. Select a template format as required.

  5. Fill in role information based on the template.
  6. Click . In the displayed dialog box, select the edited template.
  7. Click Create.

    Security administrators can import roles of all regions. Region administrators can import only roles of their own regions.

    After roles are imported, you can perform the following operations:

    • On the displayed page, view the number of successfully imported users and the number of users who fail to be imported.
    • In the Result list, view the imported roles and their details.

  8. Click OK.
  9. Assign permissions to the roles created in batches based on the authorization plan.

    1. On the Roles page, click a role name.
    2. On the Managed Objects or Operation Rights tab page, click Edit, and assign permissions to the role.

Follow-up Procedure

If a user logs in to a third-party system in SSO mode, role information (excluding operation rights) about this user can be synchronized to the third-party system. To ensure that this user has the same operation rights on the third-party system as those on the system, create the same role for the user on the third-party system and bind the same operation rights to the role.

Related Tasks

You can perform the following operations as required:

  • Viewing role information in a region: Click the name of the role whose information will be viewed.
  • Modifying role information in a region: Click the name of the role whose information will be modified, and then click Edit.
  • Deleting roles: To delete a single role, click Delete in the Operation column of the row that contains this role. To delete roles in batches, select the roles to be deleted and click Delete.

    You cannot delete the region administrator role and the role to which the current user is attached.

  • Exporting roles: Click , and choose Export All Roles.
    • If the number of roles exceeds 500, role information is exported to multiple files. That is, each file contains information about a maximum of 500 roles.
    • A region administrator can export only roles of the region to which the region administrator belongs.
    • The file is exported in .csv or .xlsx format and downloaded to the local PC as a .zip package.