Management General Management Topics Logging and Reporting Multi-Domain Management Policy Management
- Local User Groups
AI & Machine Learning
I wanted to explain this dialog - taken from the Manage & Settings-->Permissions and Administrators-->Permission Profiles:
One of the benefits for using layers with R80.10 is that you can segregate them for different administrator roles. You do that by 2 steps:
1. Define a permission profile with reference to Access Control Layers
2. Set the Permission settings at the Layer Editor.
The by-profile approach:
With every layer, you should pick the specific permission profiles that can edit it.
Make sure that this option is checked at the permission profile editor:
Only permission profiles with the above option checked, are eligible for selection in this portion of the layer editor:
The by-blades approach:
The enabled blades on a layer will automatically determine which permission profiles can edit it.
All layers which match the this blade selection are available for editing for this permission profile:
A layer with this blade selection will show the above permission profile as eligible for editing. At the layer editor, you can't select permission profiles which had the "automatically by blades" checked.
Which one is the better approach? It depends. If you are about to create a bunch of inline layers with a set of blades enabled on them, will you remember to assign the correct specific permission profiles? And what happens when you enable another blade on a layer - do you want some permission profiles to be automatically removed from editing it? This is up to each customer to decide.
Let us know your comments on this.