Permissions Required to Perform Tasks Using the Prime Network Clients

Users are allowed to view and manage devices and services depending on how their user account is configured.

  • For GUI operations that do not affect network elements, authorization is based on the default permission that is assigned to your user account.
  • For NE operations (tasks that do affect elements), authorization is based on whether the element is in one of your assigned device scopes and whether you meet the minimum security level for that scope.

For more information on user authorization, see the Cisco Prime Network 5.2 Administrator Guide.

These topics provide tables that describe the permissions required to perform tasks in Prime Network.

Vision Client Permissions

Permissions for Vision Client Basic Operations

 

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator

Start the Prime Network Vision client

X

X

X

X

X

Change a user password in the Vision client

1

1

1

1

X1

Set Prime Network Vision client options

X

X

X

X

X

Work with Vision client tables

X

X

X

X

X

1.Each user can change their own password, but only the Administrator role can change another user’s password.

Permissions for Vision Client Maps

Vision Client Maps—NEs in User’s Scope

 

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator
Map-Related Tasks

Apply a background image

X

X

Create maps

X

X

X

Define a map layout

X

X

X

X

X

Delete maps

X

X

X

Open maps

X

X

X

X

X

Preview and print maps

X

X

X

X

X

Rename maps

X

X

X

Save as a new map

X

X

X

Save as an image

X

X

X

X

X

Save map appearance

X

X

X

Select viewing options

X

X

X

X

X

Use Overview window

X

X

X

X

X

View maps

X

X

X

X

X
Element-Related Tasks

Add elements to a map

X

X

X

Remove elements from a map

X

X

X

Resize elements in a map

X

X

X

X

X
Aggregation-Related Tasks

Group and ungroup aggregations

X

X

X

Rename aggregations

X

X

X

X

X

View aggregation thumbnails

X

X

X

X

X
Finding Items in Maps

Find affected elements

X

X

X

X

X

Find an element or service

X

X

X

X

X

Find and select a link in a map 2

X

X

X

X

X
Link-Related Task

Filter links

X

X

X

X

X
Overlay-Related Tasks

Apply an overlay

X

X

X

X

X

Hide or view an overlay

X

X

X

X

X

Remove an overlay

X

X

X

X

X
Other Tasks

Open the CPU Usage Graph

X

X

X

Use Ping and Telnet to communicate with devices

X

X

2.This applies to links within the selected context, and not links identified as network links.

Vision Client Maps—NEs Not in User’s Scope (or Actions Not Related to NEs)

 

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator
Map-Related Tasks

Apply a background image

X

X

Create maps

X

X

X

Define a map layout

X

X

X

X

X

Delete maps

X

X

X

Open maps

X

X

X

X

X

Preview and print maps

X

X

X

X

X

Rename maps

X

X

X

Save as a new map

X

X

X

Save as an image

X

X

X

X

X

Save map appearance

X

X

X

Select viewing options

X

X

X

X

X

Use Overview window

X

X

X

X

X

View maps

X

X

X

X

X
Element-Related Tasks

Add elements to a map

X

X

X

Remove elements from a map

X

X

X

Resize elements in a map

X

X

X

X

X
Aggregation-Related Tasks

Group and ungroup aggregations

X

X

X

Rename aggregations

X

X

X

X

X

View aggregation thumbnails

X

X

X

X

X
Finding Items in Maps

Find affected elements

X

Find an element or service

X

X

X

X

X

Find and select a link in a map 3

X

X

X

X

X
Link-Related Task

Filter links

X

X

X

X

X
Overlay-Related Tasks

Apply an overlay

X

X

X

X

X

Hide or view an overlay

X

X

X

X

X

Remove an overlay

X

X

X

X

X
Other Tasks

Open the CPU Usage Graph

X

Use Ping and Telnet to communicate with elements

X

3.This applies to links within the selected context, and not links identified as network links.

Permissions for Vision Client NE-Related Operations

Vision Client NE Operations—NEs in User’s Device Scope

 

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator

View maps

X

X

X

X

X

View network element properties

X

X

X

X

X

View network element properties in logical and physical inventory

X

X

X

X

X

View port status and properties

X

X

X

X

View VNE properties

X

X

X

X

X

Launch command ( NE > Commands)

4

1

1

X 1

X 1

Open the Port Utilization Graph

X

X

X

X

X

Enable and disable port alarms

X5

X 2

View tickets in inventory window

X

X

X

X

X

View network events in inventory window

X

X

X

X

X

View provisioning events in inventory window

X

X

X

X

X

4.Most commands provided with Prime Network require Configurator privileges. For commands created using Command Manager or Command Builder, the access role is specified when the command is created.

5.To enable and disable port alarms on a device, the Administrator scope level must also be configured for that device.

Vision Client NE Operations—NEs Not in User’s Device Scope (or Actions Not Related to NEs)

 

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator

View maps

X

X

X

X

X

View network element properties

X

View network element properties in logical and physical inventory

X

View port status and properties

X

View VNE properties

X

Launch command ( NE > Commands)

6

1

1

X 1

X 1

Open the Port Utilization Graph

X

Enable and disable port alarms

X 2

View tickets in inventory window

X

View network events in inventory window

X

View provisioning events in inventory window

X

6.Most commands provided with Prime Network require Configurator privileges. For commands created using Command Manager or Command Builder, the access role is specified when the command is created.

Permissions for Vision Client Cisco PathTrace

Vision Client PathTrace—NEs in User’s Device Scope

 

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator

Launch a path trace

X

X

X

X

View path information

X

X

X

X

Save Cisco PathTracer map files

X

X

X

X

Save Cisco PathTracer counter values

X

X

X

X

Rerun a path and compare results

X

X

X

X

Vision Client PathTrace—NEs Not in User’s Device Scope (or Actions Not Related to NEs)

 

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator

All actions

X

View path information

X

Save Cisco PathTracer map files

X

Save Cisco PathTracer counter values

X

Rerun a path and compare results

X

Permissions for Vision Client Links

Vision Client Links—NEs in User’s Scope

 

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator

View link properties in Map view

X

X

X

X

X

View link properties in Links view

X 7

X 1

X 1

X 1

X

View link properties in the Link Properties window

X

X

X

X

X

View link impact analysis

X

Add static links

X

X

Filter links using collection method

X

X

X

X

X

Find and select a link in a map

X

X

X

X

X

7.Link properties are limited in the Links view; not all information is available.

Links: NEs Not in User’s Scope (or Actions Not Related to NEs)

 

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator

View link properties in Map view

X 8

X 1

X 1

X 1

X

View link properties in Links view

X 9

X 2

X 2

X 2

X

View link properties in the Link Properties window

X

View link impact analysis

X

Add static links

X

Filter links using collection method

X

X

X

X

X

Find and select a link in a map

X

X

X

X

X

8.Link properties are limited in the Map view; not all link information is available.

9.Link properties are limited in the Links view; not all link information is available.

Permissions for Tickets in Vision Client

The following conditions apply when working with tickets in the Vision client:

  • If an element that is outside of your scope is the root cause of a ticket that affects an element in your scope, you can view the ticket in the Vision client, but you will not be able to:

blank.gif View inventory by clicking the Location hyperlink.

blank.gif Acknowledge, deacknowledge, clear, add note, or remove the ticket.

  • You can acknowledge, deacknowledge, clear, remove, or add notes for a ticket only if you have OperatorPlus or higher permission for the element that holds the root alarm for that ticket.
  • If the source or contained sources of the ticket are not in your scope, you cannot view the ticket in the ticket table, view ticket properties, or perform actions on the ticket.
  • If the ticket contains a source that is in your scope, but the source is not the root cause, you can view the ticket in the ticket table and view ticket properties, but you cannot perform actions on the ticket.
  • If the source of the ticket is in your scope, you can view the ticket in the ticket table, view ticket properties, filter tickets, and perform actions on the ticket.
  • By default, users with the Administrator role have access to all managed elements and can perform any action on tickets. To change the Administrator user scope, see the topic on device scopes in the Cisco Prime Network 5.2 Administrator Guide.

The following table identifies the roles required to perform the high level tasks:

 

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator

Acknowledge/deacknowledge tickets

X 10

X

X

Add notes to a ticket

X 1

X

X

Clear and remove tickets

X 1

X

X

Clear tickets

X 1

X

X

Filter tickets

X

X

X

X

X

Find affected elements

X

X

X

X

X

Remove tickets

X 1

X

X

View ticket properties

X

X

X

X

X

View tickets

X

X

X

X

X

10.In addition, the security level for the device scope must be OperatorPlus or higher for the device that holds the root alarm for a ticket.

Events Client Permissions

This topic identifies the roles that are required to work with the Events client. Prime Network determines whether you are authorized to perform a task as follows:

  • For GUI operations that do not affect elements, authorization is based on the default permission that is assigned to your user account.
  • For NE operations (tasks that do affect elements), authorization is based on the default permission that is assigned to your account. That is, whether the element is in one of your assigned scopes and whether you meet the minimum security level for that scope.

Change and Configuration Management (CCM) Permissions

note.gif

Noteblank.gif In CCM, the user role always takes precedence over the device scope security level.

 

Task
Minimum GUI Access Role
Minimum Device Scope Security Level
Dashboard

Access top families

Viewer

Viewer

Access configuration sync status

Viewer

Viewer

Access configuration changes in the last week

Viewer

Viewer

Access most recent configuration changes

Viewer

Viewer
Configuration Management

View configuration archives

Viewer

Viewer

View files in archive

Viewer

N/A

Compare files in archive

Viewer

N/A

Compare the latest configuration in device

Viewer

OperatorPlus

Synchronize configurations

Viewer

Configurator

Back up (copy) files from devices to archive

Viewer

OperatorPlus

Restore files from archive to devices

Configurator

Configurator

Edit configuration files before restoring them to devices

Configurator

Configurator

Edit the edited archive version of configuration files and restore them to devices

Configurator

Configurator

View configuration change logs

Viewer

Viewer

Delete configuration files from archive

Configurator

N/A

Manage labels for archive files11

Configurator

N/A

Add and edit comments for archive file

Configurator

N/A

Export configuration files from archive

Configurator

N/A

Edit configuration file from archive

Configurator

N/A

Edit configuration file and restore it to device

Configurator

N/A

Restore the edited archive versions of configuration file to device

Configurator

N/A

Restore configuration files

Viewer

N/A
Image Management

Upload software image from device to repository

Configurator

OperatorPlus

Distribute images

Configurator

Configurator

Activate and deactivate images

Configurator

Configurator

Commit image changes

Configurator

Configurator

Rollback images

Configurator

Configurator

View images in repository

Viewer

N/A

Add package

Configurator

Configurator

Add images to repository

Configurator

N/A

Delete images from repository

Configurator

N/A

Import images from device

Configurator

OperatorPlus
Managing Device Groups

Create device groups

Configurator

Configurator

Edit device group details

Configurator

Configurator

Delete device groups

Configurator

N/A
Compliance Audit

Create policies

Configurator

N/A

Create policy profiles

Operator

N/A

Execute audit job

Operator

Operator

View audit job results

Operator

Operator

Execute a Fix job

Note To execute a fix job, the device-level role of the user must be Configurator or Administrator. The role of the user for a device overrides the role of a user on Prime Network.

Configurator

OperatorPlus

View the fix job results12

Configurator

OperatorPlus
Configuration Audit

Define configuration policies

Configurator

Configurator

Schedule configuration audit

Configurator

Configurator

View configuration audit jobs and audit results

OperatorPlus

OperatorPlus
Global Tasks

View jobs

Viewer

N/A

Administer jobs (suspend, delete, and so forth) 2

Configurator

N/A

Change settings

Configurator

N/A

11.Configuration files are filtered according to the device scope of a user.

12.Users with Viewer, Operator, and OperatorPlus roles can view only their own jobs; Users with Configurator role can view and manage their own jobs; Administrators can view and manage all jobs.

note.gif

If a user role is modified in Prime Network, you need to logout from CCM and then login again for the changes to get effect.

For information on how Prime Network performs user authentication and authorization, including an explanation of user access roles and device scopes, see the Cisco Prime Network 5.2 Administrator Guide.

Permissions for Business Tags and Business Elements (Vision and Events Clients)

Business Tags—NEs in User’s Scope

 

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator

Attach a business tag

Partial 13

X

Detach a business tag

Partial 1

X

Search for a business tag

Partial 1

X

View business tag properties

Partial 1

X

Rename a business element

X

X

X

X

X

Delete a business element

X

X

X

X

X

13.Configurator user role default permission supports the action for business elements, which do not have scopes. The Configurator user role default permission supports the action for elements only if the elements are in the user’s scope.

Business Tags—Devices Not in User’s Scope (or Actions Not Related to NEs)

)

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator

Attach a business tag

Partial 14

X

Detach a business tag

Partial 1

X

Search for a business tag

Partial 1

X

View business tag properties

Partial 1

X

Rename a business element

X

X

X

X

X

Delete a business element

X

X

X

X

X

14.Configurator user role default permission supports the action for business elements, which do not have scopes. The Configurator user role default permission supports the action for elements only if the elements are in the user’s scope.

Reports Permissions (Vision and Events Clients)

Reports—NEs in User’s Scope

 

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator

Generate Events Reports
  • Detailed Network Events Reports 15

X

X

X

X

X
  • Detailed Non-Network Events Reports

Partial 16

X
  • All other events reports

X

X

X

X

X

Generate Inventory Reports

X

X

X

X

X

Generate Network Service Reports

X

X

X

X

X

15.Detailed Ticket reports include only those tickets that have a root cause alarm associated with an element in the user’s scope.

16.A user with the Configurator role can generate Detailed Provisioning Events reports for elements that are in and outside their scope.

Reports—NEs Not in User’s Scope (or Actions Not Related to NEs)

 

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator

Generate Events Reports
  • Detailed Network Events Reports

X
  • Detailed Non-Network Events Reports

Partial 17

X
  • All other events reports

X

Generate Inventory Reports

X

Generate Network Service Reports

X

17.A user with the Configurator role can generate Detailed Provisioning Events reports for elements that are in and outside their scope.

Reports—Generated by User

 

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator

Schedule reports

X

X

X

X

X

Cancel reports

X

X

X

X

X

Delete reports

X

X

X

X

X

Export reports

X

X

X

X

X

Rename reports

X

X

X

X

X

Save reports

X

X

X

X

X

Set report preferences for purging and sharing

X

Share/unshare reports

X 18

X 1

X 1

X 1

X

View report properties

X

X

X

X

X

View reports

X

X

X

X

X

18.You can share or unshare reports only if sharing is enabled in the Administration client.

Reports—Generated by Other

 

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator

All tasks

X

Reports—Report Folders

 

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator

All tasks

X

Technologies and Services Permissions

These topics provides tables that list the permissions that are required to perform operations on devices that have the technologies or services configured on them.

Permissions for Managing Carrier Ethernet

Carrier Ethernet—NEs in User’s Device Scope

 

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator
Adding Elements to a Map

Add associated VLANs to a map

X

X

X

Add EFP cross-connects

X

X

X

Add Ethernet services to a map

X

X

X

Add pseudowires to a map

X

X

X

Add unassociated bridges

X

X

X

Add VLANs to a map

X

X

X

Add VPLS instances to a map

X

X

X
Viewing Element Properties

View access gateway properties

X

X

X

X

X

View associated network VLAN service links and VLAN mapping properties

X

X

X

X

X

View CDP properties

X

X

X

X

X

View EFD properties

X

X

X

X

X

View EFP cross-connect properties

X

X

X

X

X

View EFP properties

X

X

X

X

X

View Ethernet flow domains

X

X

X

X

X

View Ethernet LAG properties

X

X

X

X

X

View Ethernet service properties

X

X

X

X

X

View EVC service properties

X

X

X

X

X

View IP SLA responder service properties

X

X

X

X

X

View IS-IS properties

X

X

X

X

X

View Link Layer Discovery Protocol (LLDP) properties

X

X

X

X

X

View mLACP properties

X

X

X

X

X

View OSPF properties

X

X

X

X

X

View Provider Backbone Bridge (PBB) properties

X

X

X

X

X

View pseudowire properties

X

X

X

X

X

View pseudowire redundancy service properties

X

X

X

X

X

Viewing the PW-HE configuration

X

X

X

X

X

View REP properties

X

X

X

X

X

View REP properties for VLAN service links

X

X

X

X

X

View HSRP properties

X

X

X

X

X

View STP properties

X

X

X

X

X

View STP properties for VLAN service links

X

X

X

X

X

View VLAN bridge properties

X

X

X

X

X

View VLAN links between VLAN elements and devices

X

X

X

X

X

View VLAN mappings

X

X

X

X

X

View VLAN service link properties

X

X

X

X

X

View VLAN trunk group properties

X

X

X

X

X

View VPLS access EFP properties

X

X

X

X

X

View VPLS core or access pseudowire endpoint properties

X

X

X

X

X

View VPLS instance properties

X

X

X

X

X

View VSI properties

X

X

X

X

X

Working with Overlays

Apply overlays

X

X

X

X

X

Display or hide overlays

X

X

X

X

X

Remove overlays

X

X

X

X

X

View pseudowire tunnel links in VPLS overlays

X

X

X

X

X

View REP information in VLAN domain views and VLAN overlays

X

X

X

X

X

View STP information in VLAN domain views and VLAN overlays

X

X

X

X

X

Other Tasks

Display pseudowire information

X

X

Ping a pseudowire

X

X

Remove VLANs from a map

X

X

X

Rename Ethernet flow domains

X

X

X

X

X

Using REP and mLACP Show Commands

X

X

Using Pseudowire Ping and Show Commands

X

X

Carrier Ethernet—NEs Not in User’s Device Scope (or Actions Not Related to NEs)

 

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator
Adding Elements to Maps

Add associated VLANs to a map

X

X

X

Add EFP cross-connects

X

X

X

Add Ethernet services to a map

X

X

X

Add pseudowires to a map

X

X

X

Add unassociated bridges

X

X

X

Add VLANs to a map

X

X

X

Add VPLS instances to a map

X

X

X
Viewing Element Properties

View access gateway properties

X

View associated network VLAN service links and VLAN mapping properties

X

View CDP properties

X

View EFD properties

X

View EFP cross-connect properties

Partial 19

Partial 1

Partial 1

Partial 1

X

View EFP properties

Partial 1

Partial 1

Partial 1

Partial 1

X

View Ethernet flow domains

X

X

X

X

X

View Ethernet LAG properties

X

View Ethernet service properties

X

X

X

X

X

View EVC service properties

X

View IP SLA responder service properties

X

View IS-IS properties

X

View Link Layer Discovery Protocol (LLDP) properties

X

View mLACP properties

X

View OSPF properties

X

View Provider Backbone Bridge (PBB) properties

X

View pseudowire properties

Partial 1

Partial 1

Partial 1

Partial 1

X

View pseudowire redundancy service properties

Partial 20

Partial 2

Partial 2

Partial 2

 

Viewing the PW-HE configuration

X

View REP properties

X

View REP properties for VLAN service links

X

View STP properties

X

View STP properties for VLAN service links

X

View HSRP properties

X

View virtual service instance properties

X

View VLAN bridge properties

X

View VLAN links between VLAN elements and devices

Partial 21

Partial 3

Partial 3

Partial 3

X

View VLAN mappings

X

View VLAN service link properties

X

View VLAN trunk group properties

X

View VPLS access EFP properties

X

View VPLS core or access pseudowire endpoint properties

X

View VPLS instance properties

X

X

X

X

X
Working with Overlays

Apply overlays

X

X

X

X

X

Display or hide overlays

X

X

X

X

X

Remove overlays

X

X

X

X

X

View pseudowire tunnel links in VPLS overlays

X

View REP information in VLAN domain views and VLAN overlays

X

View STP information in VLAN domain views and VLAN overlays

X
Other Tasks

Display pseudowire information

X

Ping a pseudowire

X

Remove VLANs from a map

X

X

X

Rename Ethernet flow domains

X

X

X

X

X

Using REP and mLACP Show Commands

X

X

Using Pseudowire Ping and Show Commands

X

X

19.The user can view properties available via Node > Properties but not those available via the right-click Properties option or in logical inventory.

20.The user can view the pseudowire redundancy icon in the navigation and map panes, but not the inventory or properties window.

21.The user can view links, but the links are dimmed and do not indicate their status.

Permissions for Managing Carrier Grade NAT

Carrier Grade NAT—NEs in User’s Device Scope

 

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator

View Carrier Grade NAT properties

X

X

X

X

X

Using CG NAT Configure, Delete, and Show Commands

X

X

Carrier Grade NAT—NEs Not in User’s Device Scope (or Actions Not Related to NEs)

 

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator

View Carrier Grade NAT properties

X

Using CG NAT Configure, Delete, and Show Commands

X

X

Permissions for Managing DWDM

DWDM—NEs in User’s Device Scope

 

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator

View DWDM properties

X

X

X

X

X

View G.709 properties

X

X

X

X

X

View performance monitoring configuration information

X

X

X

X

X

Using IPoDWDM Configuration and Show Commands

X

X

DWDM—NEs Not in User’s Device Scope (or Actions Not Related to NEs)

 

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator

View DWDM properties

X

View G.709 properties

X

View performance monitoring configuration information

X

Using IPoDWDM Configuration and Show Commands

X

X

Permissions for Using Ethernet OAM Tools

Ethernet OAM Tools—NEs in User’s Device Scope

 

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator

View CFM properties

X

X

X

X

X

View Ethernet LMI properties

X

X

X

X

X

Use CFM, E-LMI, and L-OAM commands

X

X

Ethernet OAM Tools—NEs Not in User’s Device Scope (or Actions Not Related to NEs)

 

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator

View CFM, E-LMI, L-OAM properties

X

Use CFM, E-LMI, and L-OAM commands

X

X

Permissions for Managing Y.1731 IPSLA

Y.1731 IPSLA—NEs in User’s Device Scope

 

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator

View the Y.1731 probe properties

X

X

X

X

X

Configure Y.1731 probes

X

X

Y.1731 IPSLA—NEs Not in User’s Device Scope (or Actions Not Related to NEs)

 

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator

View the Y.1731 probe properties

X

X

X

X

X

Configure Y.1731 probes

X

X

Permissions for Managing MPLS Services

MPLS Services—NEs in User’s Device Scope

 

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator
VPNs and VRFs

Add tunnels to VPNs

X

X

X

X

Add VPNs to a map

X

X

X

Create VPNs

X

X

X

Display VRF egress and ingress adjacents

X

Move virtual routers between VPNs

X

X

X

X

Remove tunnels from VPNs

X

X

X

X

X

Remove VPNs from a map

X

X

X

View IPv6 properties

X

X

X

X

X

View VPN properties

X

X

X

X

X

View VPNs

X

X

X

X

X

View VRF properties

X
VPN Overlays

Add VPN overlays

X

X

X

X

X

Display or hide VPN overlays

X

X

X

X

X

Remove VPN overlays

X

X

X

X

X
Routing Entities

View the ARP table

X

X

X

X

X

View the NDP table

X

X

X

X

X

View rate limit information

X

X

X

X

X
Other

View 6RD properties

X

X

X

X

X

View BFD properties

X

X

X

X

X

View cross-VRF routing entries

X

X

X

X

X

View LSE properties

X

X

X

X

X

View MP-BGP information

X

X

X

X

X

View MPLS TE tunnel information

X

X

X

X

X

View MPLS-TP information

X

X

X

X

X

View port configurations

X

X

X

X

X

View pseudowire end-to-end emulation tunnels

X

X

X

X

X

MPLS Services—NEs Not in User’s Device Scope (or Actions Not Related to NEs)

 

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator
Working with Elements

View IPv6 properties

X

Add tunnels to VPNs

X

X

X

X

Add VPNs to a map

X

X

X

Create VPNs

X

X

X

Move virtual routers between VPNs

X

X

X

X

Remove tunnels from VPNs

X

X

X

X

X

Remove VPNs from a map

X

X

X
Viewing Element Properties

View 6RD properties

X

View BFD properties

X

View cross-VRF routing entries

X

View LSE properties

X

View MP-BGP information

X

View MPLS TE tunnel information

X

View MPLS-TP information

X

View port configurations

X

View pseudowire end-to-end emulation tunnels

X

View rate limit information

X

View the ARP table

X

View the NDP table

X

View VPN properties

X

X

X

X

X

View VPNs

X

X

X

X

X

View VRF egress and ingress adjacents

X

View VRF properties

X
Working with Overlays

Add VPN overlays

X

X

X

X

X

Display or hide VPN overlays

X

X

X

X

X

Remove VPN overlays

X

X

X

X

X

Permissions for Managing IP and MPLS Multicast

IP and MPLS Multicast—NEs in User’s Device Scope

 

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator

View multicast configuration details

X

X

X

X

X

View Multicast Label Switch details

X

X

X

X

X

View Routing entities

X

X

X

X

X

View VRF Properties

X

X

X

X

X

IP and MPLS Multicast—NEs Not in User’s Device Scope (or Actions Not Related to NEs)

 

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator

View multicast configuration details

X

X

X

X

X

View Multicast Label Switch details

X

X

X

X

X

View Routing entities

X

X

X

X

X

View VRF Properties

X

X

X

X

X

Permissions for Managing MToP

MToP—NEs in User’s Device Scope

 

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator

View MToP properties

X

X

X

X

X

Using SONET Configure, Clear, and Show Commands

X

X

MToP—NEs Not in User’s Device Scope (or Actions Not Related to NEs)

 

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator

View MToP properties

X

Using SONET Configure, Clear, and Show Commands

X

X

Permissions for Managing SBCs

SBC—NEs in User’s Device Scope

 

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator

Viewing SBC properties

X

X

X

X

X

Using SBC Configuration and Monitoring Commands

X

X

Using SBC Show Commands

X

X

SBC—NEs Not in User’s Device Scope (or Actions Not Related to NEs)

 

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator

Viewing SBC properties

X

Using SBC Configuration and Monitoring Commands

X

X

Using SBC Show Commands

X

X

Permissions for Managing AAA

AAA—NEs in User’s Device Scope

 

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator

View AAA group profile

X

X

X

X

X

View dynamic authorization profile

X

X

X

X

X

View RADIUS global configuration details

X

X

X

X

X

View diameter configuration details for AAA group

X

X

X

X

X

View RADIUS configuration details for AAA group

X

X

X

X

X

View RADIUS keepalive and dtect dead server for AAA group

X

X

X

X

X

View RADIUS authentication configuration details for AAA group

X

X

X

X

X

View charging configuration details for AAA group

X

X

X

X

X

View charging trigger configuration details for AAA group

X

X

X

X

X

Use AAA configuration commands

X

X

AAA—NEs Not in User’s Device Scope (or Actions Not Related to NEs)

 

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator

View AAA group profile

 

 

 

 

 

View dynamic authorization profile

 

 

 

 

 

View RADIUS global configuration details

 

 

 

 

 

View diameter configuration details for AAA group

 

 

 

 

 

View RADIUS configuration details for AAA group

 

 

 

 

 

View RADIUS keepalive and detect dead server for AAA group

 

 

 

 

 

View RADIUS authentication configuration details for AAA group

 

 

 

 

 

View charging configuration details for AAA group

 

 

 

 

 

View charging trigger configuration details for AAA group

 

 

 

 

 

Use AAA configuration commands

 

 

 

 

 

Permissions for Managing IP Pools

IP Pools—NEs in User’s Device Scope

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator

View IP pool properties

X

X

X

X

X

Use IP pool configuration commands

X

X

X

X

X

IP Pools—NEs Not in User’s Device Scope (or Actions Not Related to NEs)

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator

View IP pool properties

 

 

 

 

 

Use IP pool configuration commands

 

 

 

 

 

Permissions for Managing BNG

BNG—NEs in User’s Device Scope

 

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator

View BBA profiles

X

X

X

X

X

View Subscriber Access Points

X

X

X

X

X

Diagnose Subscriber Access Points

X

X

View DHCP Service Profile

X

X

X

X

X

View IP Subscriber Template

X

X

X

X

X

View PPP Templates

X

X

X

X

X

View Service Templates

X

X

X

X

X

View policy details

X

X

X

X

X

View QoS profile

X

X

X

X

X

View AAA Group profile

X

X

X

X

X

View Dynamic Authorization profile

X

X

X

X

X

View Radius Global Configuration details

X

X

X

X

X

BNG—NEs Not in User’s Device Scope (or Actions Not Related to NEs)

 

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator

View BBA profiles

 

 

 

 

 

View Subscriber Access Points

 

 

 

 

 

Diagnose Subscriber Access Points

 

 

 

 

 

View DHCP Service Profile

 

 

 

 

 

View IP Subscriber Template

 

 

 

 

 

View PPP Templates

 

 

 

 

 

View Service Templates

 

 

 

 

 

View policy details

 

 

 

 

 

View QoS profile

 

 

 

 

 

View AAA Group profile

 

 

 

 

 

View Dynamic Authorization profile

 

 

 

 

 

View Radius Global Configuration details

 

 

 

 

 

Permissions for Managing Mobile Technologies

Mobile Technologies—NEs in User’s Device Scope

 

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator

Viewing GGSN properties

X

X

X

X

X

Viewing additional characteristics of a GGSN

X

X

X

X

X

Working with GGSN commands

X

X

Viewing the SGSN Configuration Details

X

X

X

X

X

Working with SGSN commands

X

X

Viewing the MME Configuration Details

X

X

X

X

X

Working with MME commands

X

X

Viewing GTPU properties

X

X

X

X

X

Working with GTPU commands

X

X

Viewing APN properties

X

X

X

X

X

Viewing additional characteristics of an APN

X

X

X

X

X

Working with APN commands

X

X

Viewing SAE-GW properties

X

X

X

X

X

Viewing P-GW properties

X

X

X

X

X

Working with P-GW commands

X

X

Viewing S-GW properties

X

X

X

X

X

Working with S-GW commands

X

X

Viewing SaMOG properties

X

X

X

X

X

Working with SaMOG commands

X

X

Viewing CGW properties

X

X

X

X

X

Working with CGW commands

X

X

Viewing MRME properties

X

X

X

X

X

Working with MRME commands

X

X

Viewing GTPP properties

X

X

X

X

X

Viewing additional characteristics of a GTPP

X

X

X

X

X

Working with GTPP commands

X

X

Viewing EGTP properties

X

X

X

X

X

Working with EGTP commands

X

X

Viewing operator policies

X

X

X

X

X

Viewing APN remaps

X

X

X

X

X

Viewing APN profiles

X

X

X

X

X

Viewing additional characteristics of an APN profiles

X

X

X

X

X

Viewing active charging services (ACS)

X

X

X

X

X

Working with ACS commands

X

X

Viewing QCI-QoS mapping

X

X

X

X

X

Viewing the Layer 2 Tunnel Access Concentrator Configurations

X

X

X

X

X

Viewing the HSGW configuration

X

X

X

X

X

Viewing the Home Agent configuration

X

X

X

X

X

Viewing the Foreign Agent configuration details

X

X

X

X

X

Viewing the ePDG configuration details

X

X

X

X

X

Viewing the PDSN configuration details

X

X

X

X

X

Viewing the Local Mobility Anchor configuration

X

X

X

X

X

Mobile Technologies—NEs Not in User’s Device Scope (or Actions Not Related to NEs)

 

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator

Viewing GGSN properties

X

Viewing additional characteristics of a GGSN

X

Working with GGSN commands

X

Viewing the SGSN Configuration Details

X

Working with SGSN commands

X

Viewing the MME Configuration Details

X

Working with MME commands

X

Viewing GTPU properties

X

Working with GTPU commands

X

Viewing APN properties

X

Viewing additional characteristics of an APN

X

Working with APN commands

X

Viewing SAE-GW properties

X

Viewing P-GW properties

X

Working with P-GW commands

X

Viewing S-GW properties

X

Working with S-GW commands

X

Viewing SaMOG properties

X

Working with SaMOG commands

X

Viewing CGW properties

X

Working with CGW commands

X

Viewing MRME properties

X

Working with MRME commands

X

Viewing GTPP properties

X

Viewing additional characteristics of a GTPP

X

Working with GTPP commands

X

Viewing EGTP properties

X

Working with EGTP commands

X

Viewing operator policies

X

Viewing APN remaps

X

Viewing APN profiles

X

Viewing additional characteristics of an APN profiles

X

Viewing active charging services (ACS)

X

Working with ACS commands

X

Viewing QCI-QoS mapping

X

Viewing the Layer 2 Tunnel Access Concentrator Configurations

X

Viewing the HSGW configuration

X

Viewing the Home Agent configuration

X

Viewing the Foreign Agent configuration details

X

Viewing the ePDG configuration details

X

Viewing the PDSN configuration details

X

Viewing the Local Mobility Anchor configuration

X

Permissions for Managing Data Center Networks

Data Center—NEs in User’s Device Scope

 

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator

Viewing Virtual Port Channel Configuration

X

X

X

X

X

Viewing vPC Configuration

X

X

X

X

X

Viewing Cisco FabricPath Configuration

X

X

X

X

X

Monitoring Cisco FabricPath Configuration

X

X

X

X

X

Viewing Virtual Data Centers

X

X

X

X

X

Viewing the Data Stores of a Data Center

X

X

X

X

X

Viewing the Host Servers of a Data Center

X 1

X 1

X 1

X 1

X22

Viewing the Virtual Machines of a Data Center

X 1

X 1

X 1

X 1

X 1

Viewing Host Cluster Details

X 1

X 1

X 1

X 1

X 1

Viewing Resource Pool Details

X 1

X 1

X 1

X 1

X 1

Viewing the Map Node for an UCS Network Element

X

X

X

X

X

Viewing the Virtual Network Devices of a Data Center

X 1

X 1

X 1

X 1

X 1

Viewing the Compute Server Support Details

X 1

X 1

X 1

X 1

X 1

Viewing the Storage Area Network Support Details

X 1

X 1

X 1

X 1

X 1

Monitoring the Compute Services Search Capability

X

X

X

X

X

22.For users to be able to view VMs and hypervisors, a user's device scope must include all relevant vCenter VNEs.

Data Center—NEs Not IN User’s Device Scope (Or Actions Not Related to NEs)

 

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator

Viewing Virtual Port Channel Configuration

 

 

 

 

 

Viewing vPC Configuration

 

 

 

 

 

Viewing Cisco FabricPath Configuration

 

 

 

 

 

Monitoring Cisco FabricPath Configuration

 

 

 

 

 

Viewing Virtual Data Centers

 

 

 

 

 

Viewing the Data Stores of a Data Center

 

 

 

 

 

Viewing the Host Servers of a Data Center

 

 

 

 

 

Viewing the Virtual Machines of a Data Center

 

 

 

 

 

Viewing Host Cluster Details

 

 

 

 

 

Viewing Resource Pool Details

 

 

 

 

 

Viewing the Map Node for an UCS Network Element

 

 

 

 

 

Viewing the Virtual Network Devices of a Data Center

 

 

 

 

 

Viewing the Compute Server Support Details

 

 

 

 

 

Viewing the Storage Area Network Support Details

 

 

 

 

 

Monitoring the Compute Services Search Capability

 

 

 

 

 

Permissions for Managing Cable Technologies

Cable Technologies—NEs in User’s Device Scope

 

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator

Viewing the Cable Broadband Configuration Details

X

X

X

X

X

Viewing the DTI Configuration Details

X

X

X

X

X

Viewing the QAM Domain Configuration Details

X

X

X

X

X

Viewing the MAC Domain Configuration Details

X

X

X

X

X

Viewing the Narrowband Channels Configuration Details

X

X

X

X

X

Viewing the Wideband Channels Configuration Details

X

X

X

X

X

Viewing the Fiber Node Configuration Details

X

X

X

X

X

Cable Technologies—NEs Not in User’s Device Scope (or Actions Not Related to NEs)

 

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator

Viewing the Cable Broadband Configuration Details

 

 

 

 

 

Viewing the DTI Configuration Details

 

 

 

 

 

Viewing the QAM Domain Configuration Details

 

 

 

 

 

Viewing the MAC Domain Configuration Details

 

 

 

 

 

Viewing the Narrowband Channels Configuration Details

 

 

 

 

 

Viewing the Wideband Channels Configuration Details

 

 

 

 

 

Viewing the Fiber Node Configuration Details

 

 

 

 

 

Permissions for Managing DSL2+ and VDSL2

ADSL2+ and VDSL2—NEs in User’s Device Scope

 

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator

Viewing the ADSL2+/VDSL2 configuration details

X

X

X

X

X

Viewing the ADSL/ADSL2+ physical inventory details for a device

X

X

X

X

X

Viewing the DSL Bonding Group configuration details

X

X

X

X

X

ADSL2+ and VDSL2—NEs Not in User’s Device Scope (or Actions Not Related to NEs)

 

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator

Viewing the ADSL2+/VDSL2 configuration details

 

 

 

 

 

Viewing the ADSL/ADSL2+ physical inventory details for a device

 

 

 

 

 

Viewing the DSL Bonding Group configuration details

 

 

 

 

 

Permissions for Managing GPON Technology

GPON Technology—NEs in User’s Device Scope

Task
Viewer
Operator
OperatorPlus
Configurator
Administrator

Viewing the Profile Configurations

X

X

X

X

X

Viewing the Class of Service Configuration

X

X

X

X

X

Viewing the Link Aggregation Group Configuration

X

X

X

X

X

Viewing the Firmware Configuration

X

X

X

X

X

Viewing the OLT Services and Bridges Configuration

X

X

X

X

X

Viewing the Physical Inventory of the ONU and OLT

X

X

X

X

X

Viewing the DHCP Relay Agent Configuration for OLT

X

X

X

X

X

Viewing the Routing Entities Configuration for OLT

X

X

X

X

X