R12.1-JA-2025June05

Device Access Control, User Privilege and other

This topic includes restrictions to data in the following user privilege:

  1. Device Access Control (DAC)
  2. Shared Resource and File Management
  3. Audit Log
  4. Access to the Live Network

Device Access Control

Retrieving the data from a device and viewing the feature instance results corresponding information is not permitted without the Device Access Control (DAC) privilege. The restrictions are detailed in the following steps node wise:

  1. Restrictions in the Define Eigen node:
    1. When you select a device and click Retrieve, a warning prompt will appear.
    2. And the Text View and Variable Preview panes will display ===No Privilege to view device data===.

  2. Restrictions in the Calculate Feature Instance and Define Role node: Only the device and count information will be displayed. And other columns will display"===No Privilege to view device data===".
    Information

    Note: If there are multiple devices in a row and one of the device lacks DAC permission, then all the devices will be treated as having no permissions.

    1. In the Calculate Feature Instance node:
    2. In the Define Role node:

Shared Resource and File Management

Users without Shared Resource and File Management can open multiple tab pages within the GES. However, their capabilities are limited:

Without the Shared Resource and File Management privilege, you will have view only access to the Golden Feature and restricted to:

  1. Modify or Save content.
  2. Run processes, calculate roles, or publish results.
  3. In the specific Golden Feature drop down menu, all the options are disabled except Export and Copy Path.
  4. In the right-click menu of the folder, only Export is allowed and all other options are disabled.

Audit Log

The following operations will be recorded in the Audit Log:

  • New Feature
  • Delete Feature
  • Edit & Save Feature
  • Import Feature
    Log sample: ["2024-10-16T20:39:38.4570707Z","caohuan","shared_tenant","shared_domain","","10.99.98.43","Chrome","NI","Import","Import Golden Feature File BGP.xgf.","Succeeded","","WIN-SPJ3THMG467 (192.168.31.15)"])
  • Import Folder.

Access to the Live Network

If you do not have the privilege to Access to Live Network and attempt to retrieve CLI/Config data from Live Network data source, an error message will appear indicating insufficient permissions.

Information

Note: If no Parser Variables have been added and only System Data (GDR) is used, the operation can be run without restrictions.

Adding Privileges to the User Role

To add Shared Resource and File Management access:

  1. Go to System Management>User Accounts>Roles>+Add to open the dialog Add Role.
  2. Enter the Role name and Description (optional).
  3. In the privileges section, scroll down to Shared Resource and File Management and select the check box.
  4. Click OK to save and close the window.
 

Follow the image below to Add Role i.e., Shared Resource and File Management.



Advanced Settings in GF Golden Intent Builder