# Authorization Profile
The Authorization Profile module defines user access levels and permissions for interacting with network devices. It ensures that only authorized users can execute specific commands or modify configurations.
## **What do you see on the screen**
**Basic Details |** Authorization Profile
| **Label** | **Action** | **Description/Example** |
| --------------------------------- | ------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------ |
| **Search** | Enter at least three characters to search for an existing profile. | **Example:** "Admin" will return "Admin\_Profile1, Admin\_Profile2" |
| **Filter** | Apply filters based on predefined fields and conditions. |
Fields: "Profile Name, Default Action, Status, Asset Tag" Conditions: "In, Not In, Equal To, Not Equal To"
|
| **CLI Jobs** | Click to navigate to the CLI Jobs module. | The **CLI Jobs** module manages direct CLI sessions (SSH/Telnet) between a **device and a user** through the NCCM application. |
| **Default Authorization Profile** | View the system-defined default authorization profile. | This profile applies **default access policies** when no specific profile is assigned. |
| **Add** | Click to create a new authorization profile. | Opens the **Add Authorization Profile** page. |
| **Profile Name** | No actions; view-only. | Displays the unique profile name. Example: "Network\_Admins\_Profile" |
| **Status** | No actions; view-only. | Displays whether the profile is **Active (ON)** or **Inactive (OFF)**. |
| **IP Address** | No actions; view-only. | Displays the associated device management IP addresses. Example: "192.168.1.10" |
| **Asset Tag** | No actions; view-only. | Displays the assigned asset tags for this profile. Example: "Switches, Firewalls" |
| **User Name(s)** | No actions; view-only. | Displays users assigned to this profile. Example: "John Doe, Jane Smith" |
| **User Tag** | No actions; view-only. | Displays user groups assigned to this profile. Example: "Network Engineers" |
| **Default Action** | No actions; view-only. | Displays the default permission for users: |
| **Deny Commands** | Click to view commands added. | Lists commands that users in this profile **cannot** execute. Example: "shutdown, reload" |
| **Permit Commands** | Click to view commands added. | Lists commands that users in this profile **are allowed** to execute. Example: "show running-config, ping" |
| **System Commands** | Click to view commands added. | Displays system-defined commands available to the profile. Example: "exit, logout" |
| **Description** | No actions; view-only. | Provides a brief description of the authorization profile. Example: "Admin access to core routers" |
| **Visibility** | No actions; view-only. | Indicates if the profile is **Public** (shared) or **Private** (restricted). |
| **Action Icons** | | |
| **Edit** | Select a profile and click **Edit** to modify it. | Users can update profile settings such as **commands, visibility, user tags, etc.** |
| **Clone** | Duplicate an existing profile with minimal modifications. | Clicking **Clone** will open a new profile with pre-filled details from the selected profile. |
| **Delete** | Remove an existing profile. | Select a profile and click **Delete** to permanently remove it. |
| **Detail View** | View detailed information about the profile in a pop-up window. | Displays **users, profile names, IP addresses, and status** in an expanded view. |
| **Bulk Actions** | | |
| **Enable** | Select multiple profiles and enable them in bulk. | Enabled profiles will be marked as **Active**. |
| **Disable** | Select multiple profiles and disable them in bulk. | Disabled profiles will be marked as **Inactive**. |
| **Delete** | Remove multiple authentication profiles at once. | Example: Bulk-delete outdated or unnecessary profiles. |
## **Add Authorization Profile**
To add a new authorization profile, click on the **Add** option located at the top right corner of the page. Fill in the required details as outlined in the table below:
**Profile Details |** Add Authorization Profile
| **Label** | **Action** | **Description/ Example** |
| -------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------ |
| **Profile Name**\* | Enter a unique name for the authorization profile. | Example: Admin\_Access, Read\_Only\_Profile |
| **Profile Description**\* | Provide a brief description of the authorization profile. | Example: "Allows full configuration access for admin users." |
| **Status** | Toggle the switch to enable or disable the profile. | **ON** (Active) / **OFF** (Inactive) |
| **Select from Authentication Profile** | Choose an existing authentication profile from the drop-down list. | Example: TACACS\_Auth, RADIUS\_Auth |
| **IP Address** | Enter a **single device management IP** or a **list of device management IPs** separated by a **comma, semicolon, or space**. | Example: 192.168.1.1; 192.168.1.2 |
| | Click the **CSV Import** icon to upload multiple IP addresses. | Download the sample CSV template before uploading. |
| **Asset Tag** | Select relevant asset tags from the drop-down list. | Example: Switches, Firewalls, Routers |
| **User** | Select a user from the drop-down list. | Example: John Doe, Alice Smith |
| **User Tag** | Select a user group or predefined tag from the drop-down list. | Example: Network Engineers, Operators |
| **Visibility** | Choose between **Public** or **Private** access. |
Public: Accessible to all authorized users. Private: Restricted to specific users.
|
{% hint style="info" %}
**Note:**
* You can add devices using either **IP Address** or **Asset Tag**.
* You can select **individual users** or assign a **User Tag** to group users under a common profile.
{% endhint %}
Once all details are entered, click **Next** to save and add SSH and TELNET details.
**SSH and TELNET Details |** Add Authorization Profile Details
In this tab, users must select templates and configure command settings.
| **Label** | **Action** | **Description/ Example** |
| ---------------------------- | --------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Record CLI Session** | Click to turn **ON/OFF** the toggle button. | If enabled, the system tracks all activities performed in the terminal and keeps a record. These logs can be accessed from the **CLI Job/ Sessions** page. |
| **Block Up/ Down keys** | Click to turn **ON/OFF** the toggle button. | Prevents users from navigating through previous commands. |
| **Block Horizontal TAB key** | Click to turn **ON/OFF** the toggle button. | Restricts the use of the TAB key in the CLI session. |
| **Default Action** | Select from **Block, Terminate, and Notify**. | Defines the action for unrecognized commands. If a command isn't explicitly defined under **Terminate, Block, Notify, Permit,** or **System**, the selected default action will apply. |
Infraon NCCM allows defining five types of command input rules:
Five types of command input options can be defined in an Authorization Profile. They are:
* **Terminate Commands** - Command (sets) denied for execution by the User/User Group. When a user tries these set(s) of commands, Infraon NCCM terminates the CLI Session immediately.
* **Block Commands** - Command (sets) denied for execution by the User/User Group. When a user tries these set(s) of commands, Infraon NCCM blocks them from being executed. The CLI session is not terminated here.
* **Notify Commands** - When a user tries these set(s) of commands, Infraon NCCM executes them and triggers a notification about the action. If this option is selected, Notifier (Notification Alert) must be selected using the dropdown menu.
**Immediate:**
**Close:**
* **Permit Commands** – Command (sets) permitted for execution by the User/User Group. Commands not added in the ‘Permit’ section will be blocked during execution.
* **System Commands** – Used to ignore inputs like password and other User credential input. For example, when a user tries to execute a command that requires authentication by the system, the system prompts the user to provide additional information. In this case, a system prompt must be added in the ‘Ignore’ section. If not, the system runs the command through the Permit command list and may end up blocking the command/command set.
| **Label** | **Action** | **Description/ Example** |
| ------------------ | --------------------------------------- | ------------------------------------------------------------------------------------------------------------------ |
| Notification Alert | Select from the drop-down list. | Choose users who will receive notifications. |
| Notification Type | Select from Immediate or Session Close. | Immediate: Real-time command execution alerts. Session Close: Alerts are triggered when the session is terminated. |
Once all details are entered, click **Submit** to save and add the authorization profile to the inventory.
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.infraon.io/infraon-help/infinity-user-guide/infraon-configuration/it-operations/network-configuration/authorization-profile.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.