I logged in as the readonly user and that account has the ability to configure devices, add/delete/modify templates, and i didnt go much further.
it appears the only limitation is that the read only account cant create new accounts.
how do we set it to ACTUALLY BE readonly?
when do we get radius login for users?
cnMaestro doesn't yet have Read-Only administration access . The "Admin" designation only allows one to add new administrators, otherwise all users have full access. We will be supporting more granular Roles (including a read-only role) in Q2.
thank you for the quick reply. The "admin" user is a bit confusing in that context.
I agree -- we will change it in the next release for clarity, and when we roll out the updated feature we can remove it.
Hi Rob,
Is there any update on the Read only account function ??
I would like to let some of the staff have access but the only thing I want them able to do is read only and open IP links.
Updating firmwares / reboting AP's etc is too much for them.
What would be nice is a User that can Click on IP links and reboot SM's only. The rest is just read only.
Same for us
Rob, plus one for us
Hi Chris-T -- this is still on-track for a Q2 release (end-June now, but it could be July due to additional features added to 1.6.0). It will include a readonly Monitor role as well as an Operator role with more limited management capabilities than Administrator. The current Administrator will be separated into Super Administrator (who can manage users, APIs, and Authentication Servers) and a Standard Administrator, who will have access to all other operations. More granular role management is planned longer-term, but a date hasn't been finalized. The working authorization breakdown for the next release is as follows:
Feature |
Description |
SuperAdmin |
Admin |
Operator |
Monitor |
User Management |
Manage users, roles, sessions |
All |
View |
||
API Management |
Create API clients |
All |
View |
||
AAA Services |
Add AAA servers |
All |
View |
||
System Operations |
Reboot VM, change log level, system upgrade, system monitoring |
All |
All |
View |
View |
Device Operations |
Reboot device, link test, connectivity test |
All |
All |
All |
View |
Application Operations |
Networks, tower creations, tech dump, import/export server data, account type change(backhaul and WiFi) |
All |
All |
All |
View |
Guest Portal |
Guest access |
All |
All |
All |
View |
Global Configuration |
Templates and AP Groups; ability to apply configuration. |
All |
All |
View |
View |
Device Overrides |
Per-device configuration changes, ability to apply configuration. |
All |
All |
All |
View |
Notifications |
Alarms and Events |
All |
All |
All |
View |
Onboarding |
Device approval, onboarding settings like password change |
All |
All |
All |
View |
Reporting |
Report generation view |
All |
All |
All |
View |
Monitoring |
Statistics data from device |
All |
All |
All |
View |
Software Upgrade |
Device image import export, upgrade device |
All |
All |
All |
View |
Software Images |
Download device software images |
All |
All |
View |
View |
Data Tunnel |
Data tunnel configuration. |
All |
All |
View |
View |
Auto-Provisioning |
Support for global auto-provisioning rules. |
All |
All |
View |
View |
Application Settings |
Change global application configuration. |
All |
All |
View |
View |
The On-Premises API feature is starting a controlled beta this month. The AAA Services feature is for On-Premises login, and that is also planned for 1.6.0.