Understanding Default Management User Roles
The ArubaOS software includes predefined management user roles.
|
If you upgrade from a previous ArubaOS release, your existing configuration may have different management roles. The information in this section only describes the predefined management roles for this release. |
Predefined Role |
Permissions |
This role permits access only to AP provisioning commands and no access to other configuration commands on the Mobility Master. |
|
|
This role permits access to configuring guest users in the managed device’s internal database only. This user only has access via the WebUI to create guest accounts; there is no CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. access. Guest-provisioning tasks include creating or generating the user name and password for a guest account as well as configuring when the account expires. |
|
This role permits access to location API Application Programming Interface. Refers to a set of functions, procedures, protocols, and tools that enable users to build application software. information and the CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions.; however, you cannot use any CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. commands. This role does not permit access to the WebUI. Using a third-party location appliance, you can gather information about the location of 802.11 802.11 is an evolving family of specifications for wireless LANs developed by a working group of the Institute of Electrical and Electronics Engineers (IEEE). 802.11 standards use the Ethernet protocol and Carrier Sense Multiple Access with collision avoidance (CSMA/CA) for path sharing. stations. To log in to the managed device using a third-party location appliance, enter: http[s]://<ipaddress>[:port]/screens/wms/wms.login. You are prompted to enter your username and password (for example, the username and password associated with the location API Application Programming Interface. Refers to a set of functions, procedures, protocols, and tools that enable users to build application software. management role). Once authenticated, you can use an API Application Programming Interface. Refers to a set of functions, procedures, protocols, and tools that enable users to build application software. call to request location information from the managed device, for example: http[s]://<ipaddress>[:port]/screens/wms/wms.cgi?opcode=wlm-get-spot&campus-name=<campus id>&building-name<building id>&mac=<client1>,<client2>.... |
|
This role permits configuring a NBAPI management role. |
|
You can view the reports created by the following CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. commands: DB:opcode=monitor-summary DB:opcode=cr-load DB:opcode=wlm-search&class=probes&start DB:opcode=wlm-search&class=amii DB:opcode=monitor-get-all-gps&status=any show ap-group show vlan status > > You can view the reports created by the following CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. commands: show switches show switches summary > > You can view the reports created by the following CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. commands: show wlan-ap start* > > You can view the reports created by the following CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. commands: show ip mobile host show ip mobile trail {<ipaddr> | <macaddr>} <span class="CLI">show ap essid</span> show esi servers show esi ping show esi parser stats show private port status* show vlan show port stats show spanning-tree interface fastethernet <slot/module/port> show interface fastethernet <slot/module/port> counters clear counters fastethernet <slot/module/port> show snmp trap-queue <page>
You can view the reports created by the following CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. commands: aaa user debug mac > > > You can view the reports created by the following CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. commands: stm kick-off-sta <macaddr> aaa user logout <ipaddr> |
|
> > > You can view the reports created by the following CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. commands: stm add-blacklist-client <macaddr> aaa user delete {<ipaddr> | all | mac <macaddr> | name <username> | role <role>} > > You can view the reports created by the following CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. commands: stm remove-blacklist-client <macaddr> > > You can view the reports created by the following CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. commands: show esi groups show esi servers show esi ping show esi parser stats > > You can view the reports created by the following CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. commands: show model-switch-internal* show slots show private port status* show vlan > > You can view the reports created by executing the following command: show keys > You can view the reports created by the following CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. commands: DB:opcode=get-permissions DB:opcode=cr-load show switches show switches summary > You can view the reports created by the following CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. commands: show ap association voip-only show ap active voip-only show voice call-counters show voice client status show voice call-quality show voice call-density show voice call-cdrs show voice call-perf |
|
This role permits access to all management functions (commands and operations) on the managed device. |
|
This role permits access to CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. show commands or WebUI monitoring pages only. |
|
This role has root privileges but cannot make changes to the management users. The purpose of creating this role is to prevent changes to the local account from externally authenticated management user. |