# Authorization Profile
The Authorization Profile module defines user access levels and permissions for interacting with network devices. It ensures that only authorized users can execute specific commands or modify configurations.
## **What do you see on the screen**
**Basic Details |** Authorization Profile
| **Label** | **Action** | **Description/Example** |
| --------------------------------- | ------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------ |
| **Search** | Enter at least three characters to search for an existing profile. | **Example:** "Admin" will return "Admin\_Profile1, Admin\_Profile2" |
| **Filter** | Apply filters based on predefined fields and conditions. |
Fields: "Profile Name, Default Action, Status, Asset Tag" Conditions: "In, Not In, Equal To, Not Equal To"
|
| **CLI Jobs** | Click to navigate to the CLI Jobs module. | The **CLI Jobs** module manages direct CLI sessions (SSH/Telnet) between a **device and a user** through the NCCM application. |
| **Default Authorization Profile** | View the system-defined default authorization profile. | This profile applies **default access policies** when no specific profile is assigned. |
| **Add** | Click to create a new authorization profile. | Opens the **Add Authorization Profile** page. |
| **Profile Name** | No actions; view-only. | Displays the unique profile name. Example: "Network\_Admins\_Profile" |
| **Status** | No actions; view-only. | Displays whether the profile is **Active (ON)** or **Inactive (OFF)**. |
| **IP Address** | No actions; view-only. | Displays the associated device management IP addresses. Example: "192.168.1.10" |
| **Asset Tag** | No actions; view-only. | Displays the assigned asset tags for this profile. Example: "Switches, Firewalls" |
| **User Name(s)** | No actions; view-only. | Displays users assigned to this profile. Example: "John Doe, Jane Smith" |
| **User Tag** | No actions; view-only. | Displays user groups assigned to this profile. Example: "Network Engineers" |
| **Default Action** | No actions; view-only. | Displays the default permission for users: |
| **Deny Commands** | Click to view commands added. | Lists commands that users in this profile **cannot** execute. Example: "shutdown, reload" |
| **Permit Commands** | Click to view commands added. | Lists commands that users in this profile **are allowed** to execute. Example: "show running-config, ping" |
| **System Commands** | Click to view commands added. | Displays system-defined commands available to the profile. Example: "exit, logout" |
| **Description** | No actions; view-only. | Provides a brief description of the authorization profile. Example: "Admin access to core routers" |
| **Visibility** | No actions; view-only. | Indicates if the profile is **Public** (shared) or **Private** (restricted). |
| **Action Icons** | | |
| **Edit** | Select a profile and click **Edit** to modify it. | Users can update profile settings such as **commands, visibility, user tags, etc.** |
| **Clone** | Duplicate an existing profile with minimal modifications. | Clicking **Clone** will open a new profile with pre-filled details from the selected profile. |
| **Delete** | Remove an existing profile. | Select a profile and click **Delete** to permanently remove it. |
| **Detail View** | View detailed information about the profile in a pop-up window. | Displays **users, profile names, IP addresses, and status** in an expanded view. |
| **Bulk Actions** | | |
| **Enable** | Select multiple profiles and enable them in bulk. | Enabled profiles will be marked as **Active**. |
| **Disable** | Select multiple profiles and disable them in bulk. | Disabled profiles will be marked as **Inactive**. |
| **Delete** | Remove multiple authentication profiles at once. | Example: Bulk-delete outdated or unnecessary profiles. |
## **Add Authorization Profile**
To add a new authorization profile, click on the **Add** option located at the top right corner of the page. Fill in the required details as outlined in the table below:
**Profile Details |** Add Authorization Profile
| **Label** | **Action** | **Description/ Example** |
| -------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------ |
| **Profile Name**\* | Enter a unique name for the authorization profile. | Example: Admin\_Access, Read\_Only\_Profile |
| **Profile Description**\* | Provide a brief description of the authorization profile. | Example: "Allows full configuration access for admin users." |
| **Status** | Toggle the switch to enable or disable the profile. | **ON** (Active) / **OFF** (Inactive) |
| **Select from Authentication Profile** | Choose an existing authentication profile from the drop-down list. | Example: TACACS\_Auth, RADIUS\_Auth |
| **IP Address** | Enter a **single device management IP** or a **list of device management IPs** separated by a **comma, semicolon, or space**. | Example: 192.168.1.1; 192.168.1.2 |
| | Click the **CSV Import** icon to upload multiple IP addresses. | Download the sample CSV template before uploading. |
| **Asset Tag** | Select relevant asset tags from the drop-down list. | Example: Switches, Firewalls, Routers |
| **User** | Select a user from the drop-down list. | Example: John Doe, Alice Smith |
| **User Tag** | Select a user group or predefined tag from the drop-down list. | Example: Network Engineers, Operators |
| **Visibility** | Choose between **Public** or **Private** access. |
Public: Accessible to all authorized users. Private: Restricted to specific users.
|
{% hint style="info" %}
**Note:**
* You can add devices using either **IP Address** or **Asset Tag**.
* You can select **individual users** or assign a **User Tag** to group users under a common profile.
{% endhint %}
Once all details are entered, click **Next** to save and add SSH and TELNET details.
**SSH and TELNET Details |** Add Authorization Profile Details
In this tab, users must select templates and configure command settings.
| **Label** | **Action** | **Description/ Example** |
| ---------------------------- | --------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Record CLI Session** | Click to turn **ON/OFF** the toggle button. | If enabled, the system tracks all activities performed in the terminal and keeps a record. These logs can be accessed from the **CLI Job/ Sessions** page. |
| **Block Up/ Down keys** | Click to turn **ON/OFF** the toggle button. | Prevents users from navigating through previous commands. |
| **Block Horizontal TAB key** | Click to turn **ON/OFF** the toggle button. | Restricts the use of the TAB key in the CLI session. |
| **Default Action** | Select from **Block, Terminate, and Notify**. | Defines the action for unrecognized commands. If a command isn't explicitly defined under **Terminate, Block, Notify, Permit,** or **System**, the selected default action will apply. |
Infraon NCCM allows defining five types of command input rules:
Five types of command input options can be defined in an Authorization Profile. They are:
* **Terminate Commands** - Command (sets) denied for execution by the User/User Group. When a user tries these set(s) of commands, Infraon NCCM terminates the CLI Session immediately.
* **Block Commands** - Command (sets) denied for execution by the User/User Group. When a user tries these set(s) of commands, Infraon NCCM blocks them from being executed. The CLI session is not terminated here.
* **Notify Commands** - When a user tries these set(s) of commands, Infraon NCCM executes them and triggers a notification about the action. If this option is selected, Notifier (Notification Alert) must be selected using the dropdown menu.
**Immediate:**
**Close:**
* **Permit Commands** – Command (sets) permitted for execution by the User/User Group. Commands not added in the ‘Permit’ section will be blocked during execution.
* **System Commands** – Used to ignore inputs like password and other User credential input. For example, when a user tries to execute a command that requires authentication by the system, the system prompts the user to provide additional information. In this case, a system prompt must be added in the ‘Ignore’ section. If not, the system runs the command through the Permit command list and may end up blocking the command/command set.
| **Label** | **Action** | **Description/ Example** |
| ------------------ | --------------------------------------- | ------------------------------------------------------------------------------------------------------------------ |
| Notification Alert | Select from the drop-down list. | Choose users who will receive notifications. |
| Notification Type | Select from Immediate or Session Close. | Immediate: Real-time command execution alerts. Session Close: Alerts are triggered when the session is terminated. |
Once all details are entered, click **Submit** to save and add the authorization profile to the inventory.
