API DocsAdmin GuideUser GuideVideo Library

Authorization Profile

The Authorization Profile module defines user access levels and permissions for interacting with network devices. It ensures that only authorized users can execute specific commands or modify configurations.

What do you see on the screen

Basic Details | Authorization Profile

Label

Action

Description/Example

Search

Enter at least three characters to search for an existing profile.

Example: "Admin" will return "Admin_Profile1, Admin_Profile2"

Filter

Apply filters based on predefined fields and conditions.

Fields: "Profile Name, Default Action, Status, Asset Tag" Conditions: "In, Not In, Equal To, Not Equal To"

CLI Jobs

Click to navigate to the CLI Jobs module.

The CLI Jobs module manages direct CLI sessions (SSH/Telnet) between a device and a user through the NCCM application.

Default Authorization Profile

View the system-defined default authorization profile.

This profile applies default access policies when no specific profile is assigned.

Add

Click to create a new authorization profile.

Opens the Add Authorization Profile page.

Profile Name

No actions; view-only.

Displays the unique profile name. Example: "Network_Admins_Profile"

Status

No actions; view-only.

Displays whether the profile is Active (ON) or Inactive (OFF).

IP Address

No actions; view-only.

Displays the associated device management IP addresses. Example: "192.168.1.10"

Asset Tag

No actions; view-only.

Displays the assigned asset tags for this profile. Example: "Switches, Firewalls"

User Name(s)

No actions; view-only.

Displays users assigned to this profile. Example: "John Doe, Jane Smith"

User Tag

No actions; view-only.

Displays user groups assigned to this profile. Example: "Network Engineers"

Default Action

No actions; view-only.

Displays the default permission for users:

Deny Commands

Click to view commands added.

Lists commands that users in this profile cannot execute. Example: "shutdown, reload"

Permit Commands

Click to view commands added.

Lists commands that users in this profile are allowed to execute. Example: "show running-config, ping"

System Commands

Click to view commands added.

Displays system-defined commands available to the profile. Example: "exit, logout"

Description

No actions; view-only.

Provides a brief description of the authorization profile. Example: "Admin access to core routers"

Visibility

No actions; view-only.

Indicates if the profile is Public (shared) or Private (restricted).

Action Icons

Edit

Select a profile and click Edit to modify it.

Users can update profile settings such as commands, visibility, user tags, etc.

Clone

Duplicate an existing profile with minimal modifications.

Clicking Clone will open a new profile with pre-filled details from the selected profile.

Delete

Remove an existing profile.

Select a profile and click Delete to permanently remove it.

Detail View

View detailed information about the profile in a pop-up window.

Displays users, profile names, IP addresses, and status in an expanded view.

Bulk Actions

Enable

Select multiple profiles and enable them in bulk.

Enabled profiles will be marked as Active.

Disable

Select multiple profiles and disable them in bulk.

Disabled profiles will be marked as Inactive.

Delete

Remove multiple authentication profiles at once.

Example: Bulk-delete outdated or unnecessary profiles.

Add Authorization Profile

To add a new authorization profile, click on the Add option located at the top right corner of the page. Fill in the required details as outlined in the table below:

Profile Details | Add Authorization Profile

Label

Action

Description/ Example

Profile Name*

Enter a unique name for the authorization profile.

Example: Admin_Access, Read_Only_Profile

Profile Description*

Provide a brief description of the authorization profile.

Example: "Allows full configuration access for admin users."

Status

Toggle the switch to enable or disable the profile.

ON (Active) / OFF (Inactive)

Select from Authentication Profile

Choose an existing authentication profile from the drop-down list.

Example: TACACS_Auth, RADIUS_Auth

IP Address

Enter a single device management IP or a list of device management IPs separated by a comma, semicolon, or space.

Example: 192.168.1.1; 192.168.1.2

Click the CSV Import icon to upload multiple IP addresses.

Download the sample CSV template before uploading.

Asset Tag

Select relevant asset tags from the drop-down list.

Example: Switches, Firewalls, Routers

User

Select a user from the drop-down list.

Example: John Doe, Alice Smith

User Tag

Select a user group or predefined tag from the drop-down list.

Example: Network Engineers, Operators

Visibility

Choose between Public or Private access.

Public: Accessible to all authorized users. Private: Restricted to specific users.

Note:

  • You can add devices using either IP Address or Asset Tag.

  • You can select individual users or assign a User Tag to group users under a common profile.

Once all details are entered, click Next to save and add SSH and TELNET details.

SSH and TELNET Details | Add Authorization Profile Details

In this tab, users must select templates and configure command settings.

Label

Action

Description/ Example

Record CLI Session

Click to turn ON/OFF the toggle button.

If enabled, the system tracks all activities performed in the terminal and keeps a record. These logs can be accessed from the CLI Job/ Sessions page.

Block Up/ Down keys

Click to turn ON/OFF the toggle button.

Prevents users from navigating through previous commands.

Block Horizontal TAB key

Click to turn ON/OFF the toggle button.

Restricts the use of the TAB key in the CLI session.

Default Action

Select from Block, Terminate, and Notify.

Defines the action for unrecognized commands. If a command isn't explicitly defined under Terminate, Block, Notify, Permit, or System, the selected default action will apply.

Infraon NCCM allows defining five types of command input rules:

Five types of command input options can be defined in an Authorization Profile. They are:

  • Terminate Commands - Command (sets) denied for execution by the User/User Group. When a user tries these set(s) of commands, Infraon NCCM terminates the CLI Session immediately.

  • Block Commands - Command (sets) denied for execution by the User/User Group. When a user tries these set(s) of commands, Infraon NCCM blocks them from being executed. The CLI session is not terminated here.

  • Notify Commands - When a user tries these set(s) of commands, Infraon NCCM executes them and triggers a notification about the action. If this option is selected, Notifier (Notification Alert) must be selected using the dropdown menu.

Immediate:

Close:

  • Permit Commands – Command (sets) permitted for execution by the User/User Group. Commands not added in the ‘Permit’ section will be blocked during execution.

  • System Commands – Used to ignore inputs like password and other User credential input. For example, when a user tries to execute a command that requires authentication by the system, the system prompts the user to provide additional information. In this case, a system prompt must be added in the ‘Ignore’ section. If not, the system runs the command through the Permit command list and may end up blocking the command/command set.

Label

Action

Description/ Example

Notification Alert

Select from the drop-down list.

Choose users who will receive notifications.

Notification Type

Select from Immediate or Session Close.

Immediate: Real-time command execution alerts. Session Close: Alerts are triggered when the session is terminated.

Once all details are entered, click Submit to save and add the authorization profile to the inventory.

PreviousAuthentication ProfileNextRules

Last updated

Was this helpful?