Roles & Privileges
Access control within Infraon is managed through role-based privileges. A Role defines a user's role within Infraon, and Privileges define the user's level of access across multiple modules of Infraon. Infraon comes with seven default roles with pre-defined privileges.
What you see on the screen
On Infraon, multiple default roles are displayed as a list with icons for editing, cloning, and deleting. The 'New Role' button is at the top right corner of the page.
Details displayed are as follows:
Role Name
User Count
Role Description
Icons to edit/clone/delete
Roles
Roles are crucial for managing workflows and ensuring secure access to specific modules. Infraon uses dynamic, role-based access control (RBAC) to define user access and responsibilities across the platform.
| Role | Description |
| --- | --- |
| Infraon Admin | Has complete access to the Infraon platform. Can manage all configurations, users, assets, and modules. This role is equivalent to the ITIL v4 “Administrator” or Platform Owner. Note: This role cannot be edited or deleted. |
| Approver | Has access only to the Requester Portal and can approve workflows related to tickets, changes, SLAs, and onboarding processes. Reflects the Change Authority or Approver Role in ITIL v4. |
| IT Manager | Can manage IT asset lifecycles, including adding/editing assets via CSV/Discovery (with approval). It can also view dashboards, monitor reports, alarms, and notifications, and handle discovery profiles. Aligns with the IT Asset Manager and Service Owner roles in ITIL. |
| IT Support Operator | Provides support for IT infrastructure. Has full access to: Discovery Profiles (add/edit); Asset onboarding via CSV/Discovery; Dashboards and Reports; Alarms and Notifications. This role reflects the IT Support Role in ITIL. |
| NOC Operator | Monitors and manages network operations. Inherits all privileges of the IT/Tech Support Operator and can additionally manage: Alarms; Events; Notifications. The role reflects the Monitoring Specialist or NOC Engineer in ITIL. |
| Tech Support Operator | Handles end-user support by managing: Service Catalog; Workflows; Assets; Own Dashboards and Reports; Add/Edit Tickets. The role aligns with that of a 1st Line Support or Service Desk Technician in ITIL v4. |
| Tech Support Manager | Supervises support teams. Inherits all Tech Support Operator permissions and adds: Access to the request portal; Dashboard/Report Management; Fixed Asset Management; Limited Admin Configuration. Matches the Team Leader or Support Manager role in ITIL. |
| Limited Access Technician | Restricted access role for contractors or temporary staff. Has limited permissions across the Infraon platform. Helpful in implementing Least Privilege Access practices in ITIL. |
| Requester | End-users who can log in to the Self-Service Portal to: Raise Incidents; Submit Service Requests; Raise Change Requests; Track their request status; Access Knowledge Base. This aligns with the Service Consumer or End User role in ITIL v4. |
Instructions to 'Add a new Role.'
Go to Infraon Configuration -> User Management -> Role and Privileges
Click on the 'New Role' button in the top right corner.
Privileges for default roles are saved as templates and can be selected and customized to suit needs. Privileges are customized at the ‘General,’ ‘Ticket,’ ‘NCCM,’ ‘Privacy Settings,’ and ‘Reports’ levels.
| Label | Action | Description/Example |
| --- | --- | --- |
| Role Name* | Add a name for the new role. | Manager, Support Team, L1 Support, etc. |
| Select Template | Select a template to import privileges. | Selecting existing role templates helps import privileges from an existing role to the new role. |
| Description | Add a brief description of the role. | Assign to L1 support members of the team. |
| Privileges | Select privileges to enable access to the new role. | Privileges are split into modules: General, Ticket, NCCM, Privacy Settings, and Reports. Permissions can be explicitly selected - view, add, edit, delete, copy, and configure. |
Privileges
The Privileges module within Infraon Infinity empowers administrators with granular control over user permissions. This ensures users have the necessary access to perform their tasks effectively while safeguarding sensitive data within the platform.
Here, admins can use checkboxes to define the specific actions that users can perform within each module. These levels include:

| Label | Action | Description/Example |
| --- | --- | --- |
| View | If selected, the 'View' privilege allows the user only to view the selected module/page. | For example, if the user is given the 'View' privilege to the 'Business Catalogue' module, the user will be able to view the services listed. |
| Add | If selected, 'Add' allows the user to view and perform add operations within the selected module/page. | For example, if the user is given the 'Add' privilege to the 'Business Catalogue' module, the user will be able to view the services listed and add new services. The user will, however, not have edit or delete privileges. |
| Edit | If selected, 'Edit' allows the user to view and perform edit operations within the selected module/page. | For example, if the user is given the 'Edit' privilege to the 'Business Catalogue' module, the user will be able to view the services listed and edit existing services. The user will, however, not have add or delete privileges. |
| Delete | If selected, 'Delete' allows the user to view and perform delete operations within the selected module/page. | For example, if the user is given the 'Delete' privilege to the 'Business Catalogue' module, the user will be able to view the services listed and delete existing services. The user will, however, not have add or edit privileges. |
| Copy | If selected, 'Copy' allows the user to view and perform add operations within the selected module/page. | For example, if the user is given the 'Copy' privilege to the 'Business Catalogue' module, the user will be able to view the services listed and add new services. The user will, however, not have edit or delete privileges. |
| Configure | If selected, 'Configure' allows the user to view and perform add operations within the selected module/page. | For example, if the user is given the 'Add' privilege to the 'Business Catalogue' module, the user will be able to view the services listed and add new services. The user will, however, not have edit or delete privileges. |
| Upload | If selected, 'Upload' allows the user to view and perform add operations within the selected module/page. | |
| Download | If selected, 'Download' allows users to download and perform export operations within the selected module/page. | The Download privilege allows users to export logs from the Log Management module in PDF, CSV, or XLS formats, enabling offline analysis, sharing, and integration with other tools. |
Here's a breakdown of the functionalities offered by the Privileges module and its sub-modules:
General:
Grant access to various Infraon Infinity modules:
Agent
API Registration
Audit
Business Hour
Bot Configuration
Business Rule
Business Catalogue
Change
CI Relation rule
Asset
Contract Management
Correlation Rule
CSAT
Client Registration
Dashboard
Department
Device Credentials
Diagnosis Tools
Discovery
Events
Geomap
Holiday
IMACD
Mail Automator
Jobs
Knowledge Base
Leaves
Maintenance
Messenger
My Profile
Network Configuration
Network Diagram
Organization
Address Book
Password Policy
Problem
Release
Request
Requester
Service Catalogue
Shift
SLA
SMS Gateway
Software License
SSP Configuration
Tag
Task
Team Escalation
Teams
Template
Thresholds
Topology
Trigger
Technician
Role
Vendor
Workflow
Workspace
Log Management:
Manage user access to functionalities related to Log Management and configurations. This sub-module offers permissions for:
Log Multi-Index: Create and manage the multi-indexes that help retrieve data from Elasticsearch.
Log Export Configs: Export Configs define how logs are exported, including format, size, and downloaded exported log files.
Log Search: Enables rapid searching and analysis of vast amounts of structured and unstructured log data, delivering results in seconds.
Log Rule: A critical component in monitoring systems that defines how log data is processed and analyzed in real-time to quickly detect and respond to security threats.
Ticket:
Define permission levels (Add, View, Edit, Delete, etc.) for different user roles regarding ticket management tasks. This allows for granular control over how users interact with tickets within the system.
NCCM (Network Change & Configuration Management):
Manage user access to functionalities related to network changes and configurations. This sub-module offers permissions for:
Baseline Scheduler: Control access to scheduling tasks for network baseline configuration.
Configuration Download Job: Manage permissions for initiating downloads of network configuration data.
Configuration Parameters: Define user access to view or modify network configuration parameters.
Configuration Profiles: A configuration profile is a template or predefined set of configuration settings. Network administrators can create and customize configuration profiles with information like device details and connection protocols for SSH and Telnet.
Configuration Search: Configuration Search specifically focuses on download jobs, allowing users to view or export the "startup" or "running" configurations within these jobs to identify any configuration.
Configuration Template: Configuration templates hold the commands for uploading jobs and making changes to network devices, including provisioning, OS upgrades, creating or deactivating services, and any other change.
OS Image: OS images are used primarily for managing and deploying configuration changes across network devices such as routers, switches, and firewalls.
Privacy Settings:
Administrators can control the visibility of requester information for technicians working on service requests. This helps balance transparency and data privacy within your Infraon Infinity platform.
Unmask Requester's Contact: This section provides a toggle button. Enabling this option grants technicians visibility to the requester's contact information, potentially including phone numbers. This can be beneficial for situations where direct contact with the requester might be necessary to resolve an issue.
Unmask Requester's Email: Another toggle button allows administrators to control the visibility of the requester's email address for technicians. Granting access to email addresses can facilitate direct communication between technicians and requesters, potentially expediting issue resolution.
Unmask Requester's Name: The final toggle button controls the visibility of the requester's name for technicians. Enabling this option ensures technicians can easily identify the person requesting assistance.
Report:
Define permission levels (Add, View, Edit, Delete, etc.) for different user roles regarding reports. This ensures users can access reports relevant to their needs while restricting access to sensitive data as necessary.
Once all the parameters are added, click 'Submit' to save and add the role. Administrators and privileged users can edit and delete roles using the respective icons.
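A role created from a template can be reviewed before it is submitted by listing what it grants beyond that template. The following is an added example, not Infraon code: the dictionary layout, the sample roles and the choice of sensitive modules are assumptions, while the module, permission and toggle names are taken from this page.

```python
# Added example: the role layout is constructed for illustration and is not
# an Infraon export format. Module and permission names come from this page.
PERMISSIONS = {"view", "add", "edit", "delete", "copy", "configure",
               "upload", "download"}
PRIVACY_TOGGLES = ("Unmask Requester's Contact", "Unmask Requester's Email",
                   "Unmask Requester's Name")
# Assumption: modules this reviewer treats as sensitive; adjust to local policy.
SENSITIVE_MODULES = {"Device Credentials", "Role", "Password Policy",
                     "API Registration", "Audit", "Log Search",
                     "Log Export Configs"}


def review_role(role, template):
    """Compare a custom role with the template it was created from.

    Returns (added, findings): `added` maps module -> permissions granted
    beyond the template; `findings` lists grants that need explicit sign-off.
    """
    added, findings = {}, []
    for module, perms in role["privileges"].items():
        unknown = set(perms) - PERMISSIONS
        if unknown:
            raise ValueError(f"unknown permission on {module}: {sorted(unknown)}")
        extra = set(perms) - set(template["privileges"].get(module, ()))
        if not extra:
            continue
        added[module] = sorted(extra)
        if module in SENSITIVE_MODULES:
            findings.append(f"{module}: {', '.join(sorted(extra))} added beyond template")
    for toggle in PRIVACY_TOGGLES:
        if role["privacy"].get(toggle) and not template["privacy"].get(toggle):
            findings.append(f"{toggle}: enabled, template keeps it masked")
    return added, findings


# Constructed sample: an "L1 Support" role built from a constructed template.
TEMPLATE = {"privileges": {"Request": ["view", "add", "edit"],
                           "Knowledge Base": ["view"], "Asset": ["view"]},
            "privacy": {}}
L1_SUPPORT = {"privileges": {"Request": ["view", "add", "edit"],
                             "Knowledge Base": ["view", "add"],
                             "Asset": ["view"],
                             "Device Credentials": ["view", "edit"],
                             "Log Search": ["view", "download"]},
              "privacy": {"Unmask Requester's Email": True}}

if __name__ == "__main__":
    for finding in review_role(L1_SUPPORT, TEMPLATE)[1]:
        print("REVIEW:", finding)
```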