Managing Roles and Resources
This chapter contains the following sections:
- About Cisco Data Broker Users
- Creating a Role
- Configuring a Role to Access Multiple Disjoint Networks
- Removing a Role
- Creating a Resource Group
- Adding Resources to a Resource Group
- Assigning a Group to a Role
- Unassigning a Group
- Removing a Group
About Cisco Data Broker Users
Cisco Nexus Data Broker uses roles and levels to manage user access. One of the following levels can be assigned to each role that you create:
- App-Administrator—Has full access to all Cisco Nexus Data Broker resources.
- App-User—Has full access to resources that are assigned to his resource group and resources that are created by another user who has similar permissions.
Each role is assigned to one or more groups, which are collections of resources. Group resources are non-Inter Switch Link (ISL) ports that are specifically assigned to that group. After you have created a group, you can assign that group to a role.
Creating a Role
Configuring a Role to Access Multiple Disjoint Networks
Multiple disjoint networks are the virtual networks that you create when you create network slices in the Cisco Nexus Data Broker application. Roles can be configured to permit role-based access to multiple Cisco Nexus Data Broker disjoint networks.
For example, if you have two networks, the first named dev and the second named prod, the network administrator can create a user that has access to both networks but with different privileges for each network. The access level for network dev can be assigned as App-Admin, and the access level for network prod can be assigned as App-User.
The App-Admin privilege provides the ability to create, edit, and delete its own or other roles' rules and filters on the assigned network, in this case, dev. The App-User privilege provides the ability to create, edit, and delete only the rules and filters owned by this role on the assigned network, in this case, prod. The application user role can create, edit, or delete rules and filters only for the disjoint network or networks to which the role has been assigned. In addition, the application user role can view and apply filters created by the application administrator, but cannot edit or delete them.
| Step 1 | Log in to the Cisco Nexus Data Broker network with the Network-Admin role username and password. |
| Step 2 | Ensure that you are in the dev network. |
| Step 3 | On the menu bar, choose Settings from the Admin drop-down list. |
| Step 4 | Click Add Role. |
| Step 5 | In the Name field of the Add Role dialog box, enter the name for the role, for example, NDB-role-dev. The name can contain between 1 and 256 alphanumeric characters including the following special characters: underscore ("_"), hyphen ("-"), plus ("+"), equals ("="), open parenthesis ("("), closed parenthesis (")"), vertical bar ("|"), period ("."), or at sign ("@"). |
| Step 6 | From the Level drop-down list, choose App-Administrator. |
| Step 7 | Click Submit. |
| Step 8 | On the menu bar, choose the prod network from the network drop-down list. |
| Step 9 | Repeat Steps 3 and 4 for the prod network. |
| Step 10 | In the Name field of the Add Role dialog box, enter NDB-role-prod. |
| Step 11 | From the Level drop-down list, choose App-User. |
| Step 12 | Click Submit. |
| Step 13 | Assign allPorts to role MM-role-prod under the Assign tab. The role NDB-role-dev now has App-Administrator permissions to the network dev and the role NDB-role-prod has App-User permissions to network prod. You can now create a user that has both of these application roles. |
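The permission semantics described above, modeled as a small Python check for reviewing a role plan before it is entered in the GUI (an added example, not Cisco code and not a Cisco Nexus Data Broker API). The `Role` and `Item` records, the `allowed` function, and the `prod-admin` and `other-dev` roles are hypothetical, and denying anything the text does not explicitly grant is an assumption.

```python
import re
from dataclasses import dataclass

# Name rule from the Add Role step: 1-256 alphanumerics plus _ - + = ( ) | . @
NAME_RE = re.compile(r"[A-Za-z0-9_\-+=()|.@]{1,256}")
LEVELS = ("App-Administrator", "App-User")

@dataclass(frozen=True)
class Role:
    name: str
    network: str   # disjoint network (slice) the role was created in
    level: str

    def __post_init__(self):
        if not NAME_RE.fullmatch(self.name) or self.level not in LEVELS:
            raise ValueError(f"invalid role: {self.name!r} / {self.level!r}")

@dataclass(frozen=True)
class Item:        # a rule or filter (hypothetical record, not an NDB object)
    kind: str      # "rule" or "filter"
    network: str
    owner: Role

def allowed(roles, action, item):
    """Decide view/apply/create/edit/delete on item for a user holding roles."""
    for role in roles:
        if role.network != item.network:
            continue                      # a role grants nothing outside its network
        if role.level == "App-Administrator":
            return True                   # own and other roles' rules and filters
        if item.owner.name == role.name:
            return True                   # App-User: items owned by this role
        if (item.kind == "filter" and action in ("view", "apply")
                and item.owner.level == "App-Administrator"):
            return True                   # admin-created filters: view/apply only
    return False                          # assumption: deny anything not granted

# Constructed sample data matching the dev/prod procedure above.
DEV = Role("NDB-role-dev", "dev", "App-Administrator")
PROD = Role("NDB-role-prod", "prod", "App-User")
USER = [DEV, PROD]
PROD_ADMIN = Role("prod-admin", "prod", "App-Administrator")  # hypothetical
OTHER_DEV = Role("other-dev", "dev", "App-User")              # hypothetical

if __name__ == "__main__":
    admin_filter = Item("filter", "prod", PROD_ADMIN)
    for action in ("view", "apply", "edit", "delete"):
        print(action, allowed(USER, action, admin_filter))
```
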
Removing a Role
Creating a Resource Group
| Step 1 | From the Admin drop-down list, choose Settings. |
| Step 2 | On the Groups tab, click Add Group. |
| Step 3 | In the Add Resource Group dialog box, enter the name that you want to use for the resource group. The name can contain between 1 and 256 alphanumeric characters including the following special characters: underscore ("_"), hyphen ("-"), plus ("+"), equals ("="), open parenthesis ("("), closed parenthesis (")"), vertical bar ("|"), period ("."), or at sign ("@"). |
| Step 4 | Click Submit. |
What to Do Next
Add resources to the group.
Adding Resources to a Resource Group
Create a resource group.
| Step 1 | From the Admin drop-down list, choose Settings. |
| Step 2 | On the Groups tab, choose the group to which you want to add resources. |
| Step 3 | Choose a node in the topology diagram. |
| Step 4 | In the Add Ports to Group dialog box, choose the ports that you want to add to the group. |
| Step 5 | Click Submit. |
| Step 6 | Repeat Step 3 through Step 5 for all of the ports that you want to add. |
| Step 7 | Remove a resource, or multiple resources, by choosing one or more ports in the Group Detail table, and then clicking Remove Ports. |
| Step 8 | In the Remove Ports dialog box, click Remove. |
What to Do Next
Assign the resource group to a role.
Assigning a Group to a Role
| Step 1 | From the Admin drop-down list, choose Settings. |
| Step 2 | Click the Assign tab. |
| Step 3 | Click Assign next to the role for which you want to assign a group. |
| Step 4 | In the Configure Role dialog box, complete the following fields: |
| Step 5 | Click Apply. |
Unassigning a Group
Removing a Group
The following groups cannot be removed: