.svg?alt=media&token=53895a79-2463-405c-8911-8e2f8eb3dc06)
Authorization Profile
The Authorization Profile module defines user access levels and permissions for interacting with network devices. It ensures that only authorized users can execute specific commands or modify configurations.
What do you see on the screen
Basic Details | Authorization Profile
Label
Action
Description/Example
Search
Enter at least three characters to search for an existing profile.
Example: "Admin" will return "Admin_Profile1, Admin_Profile2"
Filter
Apply filters based on predefined fields and conditions.
Fields: "Profile Name, Default Action, Status, Asset Tag" Conditions: "In, Not In, Equal To, Not Equal To"
CLI Jobs
Click to navigate to the CLI Jobs module.
The CLI Jobs module manages direct CLI sessions (SSH/Telnet) between a device and a user through the NCCM application.
Default Authorization Profile
View the system-defined default authorization profile.
This profile applies default access policies when no specific profile is assigned.
Add
Click to create a new authorization profile.
Opens the Add Authorization Profile page.
Profile Name
No actions; view-only.
Displays the unique profile name. Example: "Network_Admins_Profile"
Status
No actions; view-only.
Displays whether the profile is Active (ON) or Inactive (OFF).
IP Address
No actions; view-only.
Displays the associated device management IP addresses. Example: "192.168.1.10"
Asset Tag
No actions; view-only.
Displays the assigned asset tags for this profile. Example: "Switches, Firewalls"
User Name(s)
No actions; view-only.
Displays users assigned to this profile. Example: "John Doe, Jane Smith"
User Tag
No actions; view-only.
Displays user groups assigned to this profile. Example: "Network Engineers"
Default Action
No actions; view-only.
Displays the default permission for users:
Deny Commands
Click to view commands added.
Lists commands that users in this profile cannot execute. Example: "shutdown, reload"
Permit Commands
Click to view commands added.
Lists commands that users in this profile are allowed to execute. Example: "show running-config, ping"
System Commands
Click to view commands added.
Displays system-defined commands available to the profile. Example: "exit, logout"
Description
No actions; view-only.
Provides a brief description of the authorization profile. Example: "Admin access to core routers"
Visibility
No actions; view-only.
Indicates if the profile is Public (shared) or Private (restricted).
Action Icons
Edit
Select a profile and click Edit to modify it.
Users can update profile settings such as commands, visibility, user tags, etc.
Clone
Duplicate an existing profile with minimal modifications.
Clicking Clone will open a new profile with pre-filled details from the selected profile.
Delete
Remove an existing profile.
Select a profile and click Delete to permanently remove it.
Detail View
View detailed information about the profile in a pop-up window.
Displays users, profile names, IP addresses, and status in an expanded view.
Bulk Actions
Enable
Select multiple profiles and enable them in bulk.
Enabled profiles will be marked as Active.
Disable
Select multiple profiles and disable them in bulk.
Disabled profiles will be marked as Inactive.
Delete
Remove multiple authentication profiles at once.
Example: Bulk-delete outdated or unnecessary profiles.
Add Authorization Profile
To add a new authorization profile, click on the Add option located at the top right corner of the page. Fill in the required details as outlined in the table below:
Profile Details | Add Authorization Profile
Label
Action
Description/ Example
Profile Name*
Enter a unique name for the authorization profile.
Example: Admin_Access, Read_Only_Profile
Profile Description*
Provide a brief description of the authorization profile.
Example: "Allows full configuration access for admin users."
Status
Toggle the switch to enable or disable the profile.
ON (Active) / OFF (Inactive)
Select from Authentication Profile
Choose an existing authentication profile from the drop-down list.
Example: TACACS_Auth, RADIUS_Auth
IP Address
Enter a single device management IP or a list of device management IPs separated by a comma, semicolon, or space.
Example: 192.168.1.1; 192.168.1.2
Click the CSV Import icon to upload multiple IP addresses.
Download the sample CSV template before uploading.
Asset Tag
Select relevant asset tags from the drop-down list.
Example: Switches, Firewalls, Routers
User
Select a user from the drop-down list.
Example: John Doe, Alice Smith
User Tag
Select a user group or predefined tag from the drop-down list.
Example: Network Engineers, Operators
Visibility
Choose between Public or Private access.
Public: Accessible to all authorized users. Private: Restricted to specific users.
Once all details are entered, click Next to save and add SSH and TELNET details.
SSH and TELNET Details | Add Authorization Profile Details
In this tab, users must select templates and configure command settings.
Label
Action
Description/ Example
Record CLI Session
Click to turn ON/OFF the toggle button.
If enabled, the system tracks all activities performed in the terminal and keeps a record. These logs can be accessed from the CLI Job/ Sessions page.
Block Up/ Down keys
Click to turn ON/OFF the toggle button.
Prevents users from navigating through previous commands.
Block Horizontal TAB key
Click to turn ON/OFF the toggle button.
Restricts the use of the TAB key in the CLI session.
Default Action
Select from Block, Terminate, and Notify.
Defines the action for unrecognized commands. If a command isn't explicitly defined under Terminate, Block, Notify, Permit, or System, the selected default action will apply.
Infraon NCCM allows defining five types of command input rules:
Five types of command input options can be defined in an Authorization Profile. They are:
Terminate Commands - Command (sets) denied for execution by the User/User Group. When a user tries these set(s) of commands, Infraon NCCM terminates the CLI Session immediately.
Block Commands - Command (sets) denied for execution by the User/User Group. When a user tries these set(s) of commands, Infraon NCCM blocks them from being executed. The CLI session is not terminated here.
Notify Commands - When a user tries these set(s) of commands, Infraon NCCM executes them and triggers a notification about the action. If this option is selected, Notifier (Notification Alert) must be selected using the dropdown menu.
Immediate:
Close:
Permit Commands – Command (sets) permitted for execution by the User/User Group. Commands not added in the ‘Permit’ section will be blocked during execution.
System Commands – Used to ignore inputs like password and other User credential input. For example, when a user tries to execute a command that requires authentication by the system, the system prompts the user to provide additional information. In this case, a system prompt must be added in the ‘Ignore’ section. If not, the system runs the command through the Permit command list and may end up blocking the command/command set.
Label
Action
Description/ Example
Notification Alert
Select from the drop-down list.
Choose users who will receive notifications.
Notification Type
Select from Immediate or Session Close.
Immediate: Real-time command execution alerts. Session Close: Alerts are triggered when the session is terminated.
Once all details are entered, click Submit to save and add the authorization profile to the inventory.
Last updated
Was this helpful?
