Role-based access control (RBAC)

Role-based access control (RBAC) is the process of restricting user access to network resources based on the roles assigned to them. Users are assigned roles depending on the resources they need to access for their operations. All other parts of the network are rendered inaccessible to them, ensuring that there is no unauthorized access to, or change made to, the network resources.

What are the access levels in Network Configuration Manager?

Network Configuration Manager comes with three pre-defined access levels and a scope of access that restricts each user's access to devices/device groups.

Access Level (Role) | Definition
Administrator | Has all privileges to access, edit and push the configuration of all devices. Only an administrator can add devices to the inventory, add users, assign roles and assign devices. In addition, an administrator can approve or reject requests pertaining to configuration upload (pushing configuration) by operators.
Operator | Has privileges to access and edit the configuration of specified devices. Can send requests for configuration upload (pushing configuration) to Administrators/Power Users.

Why are RBAC and configuration approval necessary in Network Configuration Manager?

Since Network Configuration Manager runs in a multi-user network environment, it becomes necessary to restrict user access to network devices. A faulty change can lead to network issues, which can cause network disasters and full-blown network outages. Reversing such outages can be time-consuming, which is why all changes must be run through and approved by the network admin. The change notifications in the change approval workflow keep the admin informed of configuration upload requests in real time. The admin can categorize these notifications according to the type of change and also set a rollback mechanism for each notification category. The rollback mechanism allows the admin to automate the reversal of all changes of a particular type to the baseline or previous configuration version. For example, the admin can set a rollback for changes made to the running configurations for the Cisco device group. Every time an operator requests a change of this type, Network Configuration Manager automatically rolls back the device to the predefined configuration version.

Role based access control example:

As discussed, RBAC helps you define the scope of access of users and take control over what changes they can make to the network. Let's take the example of a user being assigned as an operator to the Cisco device group in Network Configuration Manager. The operator can view the status of all devices in the device group, schedule backups and also request changes. When the user requests a configuration upload, the admin or the power user receives change notifications. If a rollback mechanism has not been set, the admin has to approve or disapprove of the changes manually. The admin can also choose to leave comments while processing the changes. This helps keep control over what goes on in your network devices.
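The workflow in this example can be modelled in a few lines. The following is an added illustration, not Network Configuration Manager's own code or API: every class and method name is hypothetical, the Power User role is left out because the page does not define its privileges, and the rollback is assumed to fire when the request is raised and to restore the baseline version.

```python
from dataclasses import dataclass

ADMIN, OPERATOR = "Administrator", "Operator"  # the two roles the page defines

@dataclass(frozen=True)
class User:
    name: str
    role: str
    groups: frozenset = frozenset()  # device groups in this user's scope

@dataclass
class Request:
    requester: str
    key: tuple                       # (device group, configuration type)
    new_config: str
    status: str = "PENDING"
    comment: str = ""

class ChangeWorkflow:                # hypothetical model, not the product's API
    def __init__(self, baseline):
        self.baseline = dict(baseline)  # (group, type) -> baseline version
        self.live = dict(baseline)      # what is currently on the devices
        self.rollback_rules = set()     # change categories that auto-revert
        self.notifications = []         # requests surfaced to the admin

    def set_rollback(self, actor, group, config_type):
        if actor.role != ADMIN:
            raise PermissionError("only an administrator can set rollback rules")
        self.rollback_rules.add((group, config_type))

    def request_upload(self, actor, group, config_type, new_config):
        # Deny by default: anyone who is not an admin needs the group in scope.
        if actor.role != ADMIN and group not in actor.groups:
            raise PermissionError(f"{actor.name} has no access to {group}")
        req = Request(actor.name, (group, config_type), new_config)
        self.notifications.append(req)
        if req.key in self.rollback_rules:  # rule set: revert, no manual step
            self.live[req.key] = self.baseline[req.key]
            req.status = "ROLLED_BACK"
        return req

    def decide(self, actor, req, approve, comment=""):
        if actor.role != ADMIN:
            raise PermissionError("only an administrator can approve or reject")
        if req.status != "PENDING":
            raise ValueError(f"request is already {req.status}")
        req.status, req.comment = ("APPROVED" if approve else "REJECTED"), comment
        if approve:                         # the push happens only on approval
            self.live[req.key] = req.new_config
        return req
```

The device configuration changes in only two places: on an administrator's approval, or on an automatic rollback to the baseline. An operator's request by itself never modifies a device.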

Network Configuration Manager offers advanced configuration change management functionalities like diff view, real-time change detection and notifications. Secure your network from configuration change mishaps and outages.

 

RBAC change management rule


RBAC rollback mechanism


RBAC add new user
