Role-based access control (RBAC) is the process of restricting user access to network resources. In RBAC, users are assigned roles depending on the resources they need access to. All other parts of the network are rendered inaccessible to them, ensuring no unauthorized accesses or changes are made to network resources.
Network Configuration Manager comes with two predefined access levels and a scope of access that restricts users from accessing certain devices or device groups.
|Access level (role)||Definition|
|Administrator||These users have privileges to access, edit, and push configurations to any device. Only administrators can add devices to the inventory, add users, assign roles, and assign devices. In addition, administrators can approve or reject requests pertaining to configuration uploads (pushing configurations) by operators.|
|Operator||These users have privileges to access and edit configurations of specified devices. They can also send requests for configuration uploads (pushing configurations) to administrators.|
Since Network Configuration Manager runs on a multi-user network environment, it's vital to restrict user access to network devices. A faulty change to the network can lead to network issues, which can cause either a network disaster or a full-blown network outage. Reversing such outages can be time-consuming, which is why all changes should be checked and approved by the network admin.
Change notifications during the change approval workflow keep admins informed about configuration upload requests in real time. Admins can categorize these notifications according to the type of change, and set a rollback mechanism for each notification category. The rollback mechanism allows the admin to automate the reversal of all changes of a particular type to the baseline or previous configuration version.
For example, admins can set a rollback for changes made to the running configurations for the Cisco device group. Every time an operator requests a change of this type, Network Configuration Manager automatically rolls back the device to the predefined configuration version.
RBAC helps you define the scope of access for users so you can control what changes they can make to the network. Let's say a user is assigned to the Cisco device group as an operator in Network Configuration Manager. The operator can view the status of all devices in the device group, schedule backups, and request changes.
When the operator requests a configuration upload, the admin receives a change notification. If a rollback mechanism has not been set, the admin has to approve or deny the changes manually. The admin can also choose to leave comments while processing changes. This helps maintain control over what goes on in your network devices.
Network Configuration Manager offers advanced configuration change management functionalities like Diff View, real-time change detection and notifications. Get started with securing your network from configuration change mishaps and outages with your free trial of Network Configuration Manager.