Starting with release version 2021.2, IAP has a new user interface (UI) to administer users, groups, and roles. Users and groups are contained, along with a new UI for role configuration, in the Authorization section of the Admin Essentials application.
There are two pathways to access Authorization. From the IAP home page, you can navigate to Admin Essentials > Quick Start > Authorization. Another way is to click Authorization in the left sidebar to open the accordian menu.
Figure 1: Authorization
Terminology
Various terms related to IAP users, groups, and roles are defined in the following table.
| Term | Definition |
|---|---|
| User | An entity that can perform specific actions within multiple IAP applications based on group associations. |
| Group | A collection of roles that can be assigned to a user. |
| Role | A collection of granular level privileges that can be assigned to groups. |
| Privilege | Permission granted to an API and a View. |
| Provenance | The source of a group; where it was learned. For external groups, this is set to the IAP AAA adapter ID. For IAP groups, it is not set. |
Networking Requirements
If you have Cisco NSO and want to use the NSO External Authentication script, network connectivity is required between the two, typically port 3000. For more information on how to install the NSO External Authentication script, see the Network Adapters section of the IAP Integrations guide.
Users
A user is an entity that comes from an external AAA System such as LDAP. Users may be a member of any number of groups and through group membership may be assigned any number of roles.
Itential Automation Platform (IAP) provides the ability to assign roles directly to users. Also, with IAP groups, administrators are able to manage user membership.
All operations within IAP are associated with a user. User roles, whether directly assigned or inherited from a group, determine what the user can see and do within IAP. The final permission set of a user will be a combination of permissions granted to all the roles assigned to the user, or to any groups in which the user is a member.
Managing Users
Users are accounts from an external system. Therefore, it is not possible to create a new user within IAP. Instead, IAP will create the user record when someone has successfully logged in using the user’s AAA system credentials.
Use Authorization to see a list of users IAP has encountered and to manage their permissions.
- Login to IAP as Administrator (a user with the
Pronghorn.adminrole). - Navigate to Admin Essentials > Authorization.
- Select Users from the sidenav menu.
- Locate the user in the list. Optionally, filter the list by typing in the Search field and pressing Enter.
- Select the appropriate user from the list to view.
- Click the pencil icon to edit attributes, as desired.
- Edit Roles and Groups, as desired.
- Click Save to finalize your changes.
Roles assigned by Groups are grayed out (disabled). This indicates the assignment is inherited.
Figure 2: Filter User List
Configuring Role Assignments for Users
There are two ways to assign users to roles:
- Directly
- By group membership
To assign roles directly to a user:
- Select Roles from the menu.
- Locate the role you wish to assign. You can filter the list by typing in the column header text box.
- Add or remove a role assignment using the checkbox.
Roles assigned by Groups are grayed out (disabled). This indicates the assignment is inherited.
Figure 3: Edit User Roles and Groups
Configuring Group Membership for Users
External group memberships for users are managed by the external AAA system and cannot be edited in IAP. A user may only be added or removed from IAP Groups within Authorization Manager. Addition or removal of AAA groups must be performed in the AAA system and will be noticed by IAP the next time the user logs in.
To change the IAP Groups to which a user belongs:
- Click the Groups menu option.
- Find the group in the list. You can filter the list by typing in the column header textbox.
- Add or remove group membership using the checkbox.
AAA-managed group memberships will be grayed out (disabled), indicating the membership is not editable in IAP.
Figure 4: Authorization Groups
Groups
This section captures how users and groups are created and assigned in IAP. Group management and configuration is also explained.
- Users are assigned to external groups within the external AAA system. Users cannot be assigned to external groups using IAP.
- An external group is an account that comes from an external AAA System such as LDAP. An external group cannot be created within IAP.
- An IAP group is an account created within the IAP system. Users are assigned to IAP groups through Authorization Manager.
Note: If
User1is a member ofGroup1and starts a job, andUser2is not a member ofGroup1, thenUser2will not be able to see the job.
Managing Groups
External groups cannot be created within IAP. Instead, IAP will create the external group record once it has been learned from the AAA system.
To manage groups within IAP:
- Login to IAP as an administrator (a user with the
Pronghorn.adminRole). - Navigate to Admin Essentials > Quick Start > Authorization.
- SelectGroups. A list of all defined groups and their provenances is displayed.
- Locate the group in the list. You can filter the list by typing in the Search Groups field.
- Select the group in the list to view or edit.
- Edit the description as desired.
- Edit roles and groups as desired.
- Click Save to finalize your changes.
Figure 5: Edit Group Roles
Configuring Group Membership
An IAP Group may be added or removed using the Authorization Manager. IAP groups and external groups can be given membership to an IAP group. In contrast, neither group can be given membership to an external group.
To change group membership:
- Login to IAP as an administrator (a user with the
Pronghorn.adminRole). - Navigate to Admin Essentials > Quick Start > Authorization.
- Select Groups. A list of defined groups is displayed.
- Locate the group in the list. You can filter the list by typing in the Search Groups field.
- Select the group in the list to view or edit.
- From the Edit Group modal, select Groups .
- Add or remove group membership by selecting the checkbox.
Identifying Group Members
A members list identifies the users and groups that are direct members of a Group.
- Navigate to the Edit Group modal.
- Locate the Members list (tab). There is no indicator for inherited memberships.
Deleting a Group
⚠ Caution: This is a hard delete. Deleting a group will remove the role from all Users and Groups assigned to it.
Only IAP Groups can be deleted.
- Select Groups from the Authorization menu.
- Locate the group you wish to delete. You can filter the list using the filter fields in the column header.
- Click the stacked dots menu icon and select Delete.
- Confirm the deletion.
Roles
A role is a bundle of permissions assigned to users and/or groups. Roles are pre-defined in the pronghorn.json file for each application and assigned to methods/tasks and views with the roles property. Custom roles can be created within your installation by navigating to Authorization > Roles.
Built-In Roles
The following is a list of built-in roles within IAP.
- admin
- apiread
- apiwrite
- support
- operations/operator
- engineering
- taskread
- taskwrite
- authorization
- read-only
Endpoints
A role grants permission to access one or more endpoints. Endpoints are defined by the applications and IAP. There are essentially two types of endpoints.
| Endpoint Type | Description |
|---|---|
| Methods | Represent API Endpoints that read or write data. |
| Views | Represent web pages in the browser. A view will typically rely on one or more methods to read/write data. |
A role may be assigned to any number of users or groups. This provides access to all endpoints granted to the role. The final permission set for a user is a combination of permissions granted to all the roles assigned to a user, or to any groups in which the user is a member.
Managing Roles
In addition to built-in roles defined by applications, IAP allows administrators to define custom roles for an installation to allow for different authorization strategies. Built-in roles are hard coded in the services (or in IAP) and are not user-editable. Users can only utilize services from their active server profile, and cannot add roles for services that are currently not running.
To manage roles within IAP:
- Login to IAP as an administrator (a user with the
Pronghorn.adminRole). - Navigate to Admin Essentials > Quick Start > Authorization.
- Select the Roles menu option. A table list displays. There is a role for each application installed in the system.
- Click the View icon to open a role and show an advanced view.
- You can view all API Methods (endpoints) and UI Views for a role.
- You can filter and/or sort using the Method and Source fields.
Figure 6: Authorization Roles
Figure 7: View Role
Configuring Role Assignments
Groups are assigned to roles in two ways:
- Directly.
- By membership in another group.
To assign roles directly to a group in IAP:
- In the left-side navigation panel, select Groups.
- Select a group to open it for viewing or editing.
- In the Edit Group modal, locate the role you wish to assign.
- Filter the list by typing in the Name or Source text field.
- Add or remove a role assignment by selecting the checkbox.
Roles which are assigned by other groups are grayed out (disabled). This indicates the assignment is inherited.
Inspecting a Built-In Role
To inspect a built-in role:
- In the left-side navigation panel, select Roles.
- Optionally, type in the search box to sort/filter a role.
- Click the View icon next to a role to open the View Role modal and show the list of all endpoints granted to the role.
Creating a Custom Role
Use a unique name when creating a custom role.
- Click the plus (+) sign from the top toolbar in Admin Essentials to open the Create dialog.
- Select Role from the dropdown menu.
- Give the new custom role a name (required).
- Give the new custom role a description (optional).
- Select the appropriate API endpoints and UI Views in the Edit Role modal. Refer to Managing Custom Role Permissions below.
- Click Save to finalize your changes. The custom role appears in the Authorization: Roles table view and will display as
Customunder the Type column.
Figure 8: Create Custom Role
Figure 9: Assign Custom Role API Endpoints and UI Views
Managing Custom Role Permissions
To manage and edit custom roles permissions:
- Select Roles from the menu in the left navbar.
- Type the name of the Custom role in the search bar under the Role column header.
- Select the desired role from the results list.
- Click the stacked dots menu icon and select Edit. The endpoints for the selected custom role will display in the Edit Role modal, with tabs for API Methods and UI Views, respectively.
- Update the role name, if needed.
- Update the role description, if needed.
- Locate the permissions you would like to grant or remove. Refer to Managing Custom Role Permissions below.
- Filter the list by typing in the search box.
- Add or remove permitted endpoints by selecting the checkbox.
- Click Save to finalize your changes.
Figure 10: Edit Custom Role
Deleting a Custom Role
⚠ Caution: This is a hard delete. Deleting a custom role will remove references to the role from all users and groups assigned to it.
As with any other modifications, only custom roles may be deleted.
- Locate the custom role you wish to delete. Filter the list using the filter fields in the column header.
- Click the stacked dots menu icon and click Delete for the role.
- Confirm the deletion.
Custom Applications and Built-In Roles
Built-in application roles along with endpoints are defined in the pronghorn.json file. The following excerpt from a pronghorn.json file is provided as an example.
{
"roles": [
"admin",
"engineering",
"support",
"apiread",
"authorization"
],
"methods": [
{
"name": "getTasksList",
"roles": [
"admin",
"engineering",
"support"
]
}
],
"views": [
{
"path": "/edit",
"roles": [
"admin",
"engineering"
]
}
]
}In the preceding example, five (5) built-in roles were defined. The getTasksList method is granted to three of them. In contrast, the /edit view is granted to only two.
The declarations will be ingested at application load time and cached in the IAP database to assist with various queries. At application load time, the roles that are cached for the application will be replaced with the roles and permissions defined in pronghorn.json.
If pronghorn.json is inconsistent in its role names, warnings will appear in the IAP logs at application load time.
Note: If an application is upgraded and the new version no longer declares a role, it will be deleted and references to it will be removed from all users and groups. Additionally, role names are the identifier for application roles. Renaming a role is effectively the same as deleting it and declaring a new one. In each case, some users may lose access to your application. Therefore, removal or renaming of existing roles is considered a breaking change.
Application Roles by API Method, Task, and View
The charts in this section show the default roles found in pronghorn.json for each application as delivered.
Note: These charts will change based on the version of IAP that is running. Therefore, as a best practice, Itential recommends that you review the APIs, application roles and their respective permissions for the latest information. You can view this in the Itential UI by navigating to the Authorization page and selecting Roles.
Admin Essentials
| API Method/Task | admin | apiread |
|---|---|---|
availableArtifacts |
x | x |
exportArtifact |
x | x |
getArtifact |
x | x |
getArtifacts |
x | x |
getServicesHealth |
x | x |
importArtifact |
x | |
installArtifact |
x | |
removeArtifact |
x | |
updateArtifact |
x |
| view | admin | |
|---|---|---|
| Admin Essentials | / |
x |
AG Manager
| API Method/Task | admin | apiread | apiwrite |
|---|---|---|---|
discoverModules |
x | x | |
undiscoverAll |
x | x | |
undiscoverModules |
x | x |
Automation Catalog
| API Method/Task | admin | apiread | other | readonly |
|---|---|---|---|---|
createAutomation |
x | x | x | x |
deleteAutomations |
x | x | x | x |
exportAutomation |
x | x | x | x |
getAutomationById |
x | x | x | x |
getAutomations |
x | x | x | x |
importAutomations |
x | x | x | x |
runAutomation |
x | x | x | x |
scheduleAutomation |
x | x | x | x |
updateAutomation |
x | x | x | x |
| view | admin | |
|---|---|---|
| Automation Catalog | / |
x |
Automation Studio
| API Method/Task | admin | apiread | apiwrite | designer | engineering | readonly | support |
|---|---|---|---|---|---|---|---|
createAutomation |
x | x | x | ||||
createTemplate |
x | x | x | ||||
deleteTemplate |
x | x | x | ||||
getMethodOptions |
x | x | x | ||||
getTemplate |
x | x | x | x | |||
getTemplates |
x | x | x | x | |||
importAutomations |
x | x | x | ||||
importTemplates |
x | x | x | ||||
runTransformation |
x | x | x | ||||
updateAutomation |
x | x | x | ||||
updateTemplate |
x | x | x |
| view | designer | |
|---|---|---|
| Automation Studio | / |
x |
Configuration Manager
| API Method/Task | admin | apiread | apiwrite |
|---|---|---|---|
adapterProxy |
x | x | |
addDevicesToGroup |
x | x | |
addDevicesToGroupByName |
x | x | |
addDevicesToNode |
x | x | |
addTasksToNode |
x | x | |
advancedAutoRemediation |
x | x | |
backUpDevice |
x | x | |
buildSpecLines |
x | x | |
createConfigSpec |
x | x | |
createDeviceGroup |
x | x | |
createGoldenConfigNode |
x | x | |
createGoldenConfigTree |
x | x | |
createGoldenConfigTreeVersion |
x | x | |
createJSONSpec |
x | x | |
createTaskInstance |
x | x | |
deleteDeviceBackups |
x | x | |
deleteDeviceGroups |
x | x | |
deleteDeviceGroupsByName |
x | x | |
deleteDevicesFromGroup |
x | x | |
deleteGoldenConfigNode |
x | x | |
deleteGoldenConfigTree |
x | x | |
deleteGoldenConfigTrees |
x | x | |
deleteGoldenConfigTreeVersion |
x | x | |
deletePins |
x | x | |
deleteTaskInstances |
x | x | |
deleteVariables |
x | x | |
exportGoldenConfigTree |
x | x | |
getAdapterTask |
x | x | |
getAdapterTasks |
x | x | |
getBackups |
x | x | |
getComplianceReportDetail |
x | x | |
getComplianceReportDeviceHistory |
x | x | |
getComplianceReportNodeSummary |
x | x | |
getComplianceReportsByBatch |
x | x | |
getComplianceReportsDetail |
x | x | |
getComplianceReportTaskHistory |
x | x | |
getComplianceReportTreeSummary |
x | x | |
getConfigSpec |
x | x | |
getConfigTemplate |
x | x | |
getDevice |
x | x | |
getDeviceBackupById |
x | x | |
getDeviceConfig |
x | x | |
getDeviceConfigFormat |
x | x | |
getDeviceGroupById |
x | x | |
getDeviceGroupByName |
x | x | |
getDeviceGroups |
x | x | |
getDevicesFiltered |
x | x | |
getGoldenConfigTree |
x | x | |
getGoldenConfigTrees |
x | x | |
getGoldenConfigTreeVersion |
x | x | |
getJSONComplianceReportDetail |
x | x | |
getJSONComplianceReportsByBatch |
x | x | |
getJSONSpec |
x | x | |
getJSONSpecWithInheritance |
x | x | |
getPins |
x | x | |
getTaskInstances |
x | x | |
getTopIssues |
x | x | |
getTopIssuesJson |
x | x | |
getTreesForDevice |
x | x | |
gradeComplianceReport |
x | x | |
gradeComplianceReports |
x | x | |
gradeDeviceComplianceHistory |
x | x | |
gradeTaskComplianceHistory |
x | x | |
handlePin |
x | x | |
importBackup |
x | x | |
importGoldenConfigTree |
x | x | |
importGroup |
x | x | |
isAlive |
x | x | |
lookupDiff |
x | x | |
patchDeviceConfiguration |
x | x | |
removeDevicesFromGroup |
x | x | |
removeDevicesFromNode |
x | x | |
removeTasksFromNode |
x | x | |
renderJinja2 |
x | x | |
runAdapterTask |
x | x | |
runAutoRemediation |
x | x | |
runCompliance |
x | x | |
runComplianceForDevice |
x | x | |
runComplianceForNode |
x | x | |
runComplianceForTree |
x | x | |
runTaskInstance |
x | x | |
searchDeviceGroups |
x | x | |
searchGroups |
x | x | |
translateConfigSpec |
x | x | |
updateConfigSpec |
x | x | |
updateDeviceBackupById |
x | x | |
updateDeviceGroups |
x | x | |
updateGoldenConfigNode |
x | x | |
updateGoldenConfigTree |
x | x | |
updateGoldenConfigTreeVersion |
x | x | |
updateJSONSpec |
x | x | |
updateTaskInstance |
x | x |
| view | admin | taskwrite | |
|---|---|---|---|
| Configuration Manager | / |
x | |
| Diff Viewer | /task/DiffViewer |
x | x |
| Manual Remediation Results Task | /task/ManualRemediationResults |
x | x |
| Manual Remediation Task | /task/ManualRemediation |
x | x |
Core
| API Method/Task | admin | apiread |
|---|---|---|
checkIndexes |
x | x |
createAccount |
x | |
createAdapter |
x | |
createGroup |
x | |
createIndexes |
x | |
createIntegration |
x | |
createIntegrationModel |
x | |
createProfile |
x | |
createRepositoryConfig |
x | x |
deleteAccount |
x | |
deleteAdapter |
x | |
deleteGroup |
x | |
deleteIntegration |
x | |
deleteIntegrationModel |
x | |
deleteProfile |
x | |
deleteRepositoryConfig |
x | x |
exportIntegrationModel |
x | |
exportPrebuilt |
x | x |
getAccount |
x | |
getAccounts |
x | |
getAdapter |
x | x |
getAdapterChangelogs |
x | x |
getAdapterHealth |
x | x |
getAdapterModelTypes |
x | x |
getAdapters |
x | x |
getAdapterSchema |
x | x |
getAdaptersHealth |
x | x |
getApplication |
x | x |
getApplicationChangelogs |
x | x |
getApplicationHealth |
x | x |
getApplications |
x | x |
getApplicationSchema |
x | x |
getApplicationsHealth |
x | x |
getAssignableRoles |
x | |
getGroup |
x | |
getGroups |
x | |
getIndexes |
x | x |
getIntegration |
x | x |
getIntegrationModel |
x | x |
getIntegrationModels |
x | x |
getIntegrations |
x | x |
getIntegrationSchema |
x | x |
getPrebuilt |
x | x |
getPrebuilts |
x | x |
getProfile |
x | x |
getProfiles |
x | x |
getProfileSchema |
x | x |
getPrometheusMetrics |
x | x |
getRepositoryConfigs |
x | x |
getRepositoryPrebuilts |
x | x |
getServerHealth |
x | x |
getSystemHealth |
x | x |
importPrebuilt |
x | |
removePrebuilt |
x | |
restartAdapter |
x | |
restartApplication |
x | |
setAccountGroups |
x | |
setAccountPassword |
x | |
setGroupRoles |
x | |
startAdapter |
x | |
startApplication |
x | |
stopAdapter |
x | |
stopApplication |
x | |
switchActiveProfile |
x | |
updateAdapter |
x | |
updateAdapterLogging |
x | |
updateAdapterProperties |
x | |
updateApplication |
x | |
updateApplicationLogging |
x | |
updateApplicationProperties |
x | |
updateIntegration |
x | |
updateIntegrationModel |
x | |
updateIntegrationProperties |
x | |
updatePrebuilt |
x | |
updateProfile |
x | |
validateIntegrationModel |
x | |
validatePrebuilt |
x |
External Links
| API Method/Task | admin | apiread |
|---|---|---|
createLink |
x | |
deleteLink |
x | |
getLink |
x | x |
getLinks |
x | x |
updateLink |
x |
Form Builder
| API Method/Task | admin | apiread | apiwrite | authorization | operator |
|---|---|---|---|---|---|
createFormGroupEntry |
x | ||||
deleteForm |
x | x | |||
deleteFormGroups |
x | ||||
exportForm |
x | x | |||
fetchData |
x | x | x | ||
getElementDefinition |
x | x | x | ||
getForm |
x | x | x | ||
getFormByName |
x | x | x | ||
importForm |
x | x | |||
listElements |
x | x | x | ||
listFormGroups |
x | x | |||
listForms |
x | x | x | ||
preserveFormData |
x | x | x | ||
removeFormGroup |
x | ||||
replaceFormGroups |
x | ||||
saveForm |
x | x | |||
searchForms |
x | x | x |
| view | admin | engineering | operator | |
|---|---|---|---|---|
| About | /dialog/about |
x | x | |
| Automation Studio | /edit |
x | ||
| Show Form | /task/ShowForm |
x | x | |
| Show Form and Pop Yang Containers | /task/ShowFormPreserveData |
x | x | |
| Show Form and Set Dropdown List Values | /task/ProviderForm |
x | x | |
| Show Form by Name | /task/ShowFormByName |
x | x |
JSON Forms
| API Method/Task | admin | apiread | other | readonly |
|---|---|---|---|---|
createForm |
x | x | x | x |
deleteForms |
x | x | x | x |
getFormById |
x | x | x | x |
getForms |
x | x | x | x |
importForms |
x | x | x | x |
updateForm |
x | x | x | x |
validateData |
x | x | x | x |
validateForm |
x | x | x | x |
yangToSchema |
x | x | x | x |
| view | admin | operator | |
|---|---|---|---|
| JSON Forms | / |
x | |
| Render JSON Schema | /task/RenderJsonSchema |
x | x |
| Render Yang as JSON Form | /task/RenderYangForm |
x | x |
| Show Json Form | /task/ShowJsonForm |
x | x |
JST
| API Method/Task | admin | apiread | other | readonly |
|---|---|---|---|---|
createTransformation |
x | x | x | x |
deleteTransformation |
x | x | x | x |
getTransformation |
x | x | x | x |
runTransformation |
x | x | x | x |
searchTransformations |
x | x | x | x |
updateTransformation |
x | x | x | x |
| view | designer | |
|---|---|---|
| Automation Studio | /edit/jst |
x |
MOP
| API Method/Task | admin | apiread | apiwrite | engineering | support |
|---|---|---|---|---|---|
createAnalyticTemplate |
x | x | |||
createTemplate |
x | x | |||
deleteAnalyticTemplate |
x | x | |||
deleteTemplate |
x | x | |||
exportTemplate |
x | x | |||
GetBootFlash |
x | x | x | x | |
getDeviceObjectsFiltered |
x | x | x | ||
getDevicesFiltered |
x | x | x | ||
getDevicesFilteredDetailedResults |
x | x | x | ||
importTemplate |
x | x | |||
listAnalyticTemplates |
x | x | x | x | |
listAnAnalyticTemplate |
x | x | x | x | |
listATemplate |
x | x | x | x | |
listTemplates |
x | x | x | x | |
passThru |
x | x | |||
reattempt |
x | x | x | x | |
runAnalyticsTemplate |
x | x | x | x | |
runAnalyticsTemplateDevices |
x | x | x | x | |
RunCommand |
x | x | |||
RunCommandDevices |
x | x | |||
RunCommandTemplate |
x | x | |||
RunCommandTemplateSingleCommand |
x | x | |||
RunTemplateDevice |
x | x | |||
RunTemplateDevices |
x | x | |||
runTemplatesDiffArray |
x | x | x | x | |
SetBoot |
x | x | |||
updateAnalyticTemplate |
x | x | |||
updateTemplate |
x | x |
| view | admin | engineering | support | |
|---|---|---|---|---|
| About | /dialog/about |
x | x | |
| Automation Studio | /analytic |
x | x | x |
| Automation Studio | /template |
x | x | x |
| Choose Device | /task/chooseDevice |
x | x | x |
| MOP confirm Task | /task/confirmTask |
x | x | x |
| MOP Decision Task | /task/decisionTask |
x | x | x |
| MOP Diff Config | /task/diffConfig |
x | x | x |
| MOP Diff Config | /task/runTemplatesDiff |
x | x | x |
| MOP Manual Task | /task/reloadFailed |
x | x | x |
| MOP Review Summary | /task/reviewSummary |
x | x | x |
| MOP Verify Config | /task/verifyConfig |
x | x | x |
| Variable Selector | /modals/variableSelector |
x | x | x |
| View MOP Template Results | /task/viewTemplateResults |
x | x | x |
NSO Manager
| API Method/Task | admin | apiread | other | readonly |
|---|---|---|---|---|
addLockItem |
x | |||
applyTemplates |
x | |||
deleteQueueItem |
x | |||
getAllAuthGroups |
x | |||
getAllNEDs |
x | x | x | x |
getAuthGroups |
x | |||
getCommitQueueDeep |
x | |||
getDevicesFiltered |
x | |||
getDevicesFilteredForAdapter |
x | |||
getNEDs |
x | |||
getNEDsDeep |
x | x | x | x |
getQueuedDevices |
x | |||
getQueueItemDetails |
x | |||
isAlive |
x | |||
liveStatus |
x | |||
lockQueueItem |
x | |||
pruneDevicesAllItems |
x | |||
pruneDevicesFromItem |
x | |||
restAction |
x | |||
restQuery |
x | |||
runAction |
x | |||
runCommand |
x | |||
runCommands |
x | |||
setItemNacmGroup |
x | |||
setLeaf |
x | |||
unlockQueueItem |
x | |||
verifyConfig |
x | x |
| view | admin | |
|---|---|---|
| Add Device Form | /task/addDeviceForm |
x |
| Commit Queue Manager | /commit_queue_manager |
x |
| Ned Validator | /ned_inspector |
x |
| Set Device Configuration | /task/SetDeviceConfiguration |
x |
| User creates a list of devices from a given list of device options | /modal/devicePicker |
x |
| View queue item details | /modal/itemDetails |
x |
| view | admin | taskwrite | |
|---|---|---|---|
| Preview Import | /task/PreviewImport |
x | x |
| View Dryrun | /task/ViewDryrun |
x | x |
Service Catalog
| API Method/Task | admin | apiread | apiwrite | engineering | support |
|---|---|---|---|---|---|
AddNewServiceToCatalog |
x | x | x | x | |
CreateServiceOrder |
x | x | x | x | |
deleteService |
x | x | x | x | |
GetFormData |
x | x | x | x | |
GetFormId |
x | x | x | x | |
GetForms |
x | x | x | x | |
getGroups |
x | x | x | x | |
GetUserObject |
x | x | x | x | |
GetWorkflows |
x | x | x | x | |
invokeServiceOrder |
x | x | x | x | |
ServiceCatalogStore |
x | x | x | x | |
ServiceModels |
x | x | x | x | |
UpdateServiceInCatalog |
x | x | x | x |
| view | admin | engineering | operations | |
|---|---|---|---|---|
| Service Catalog | / |
x | x | x |
| Service Catalog Builder | /edit |
x | x | |
| Service Catalog Builder | /manage |
x | x |
Service Manager
| API Method/Task | admin | apiread | apiwrite | engineering | support |
|---|---|---|---|---|---|
addServiceInstance |
x | x | x | x | |
addServiceInstances |
x | x | x | x | |
checkSync |
x | x | x | x | |
config |
x | x | x | x | |
createServiceModelForm |
x | x | x | x | |
deleteInstance |
x | x | x | ||
deleteInstances |
x | x | x | x | |
deleteServiceModelFromDatabase |
x | x | x | x | |
deleteServicePath |
x | x | x | x | |
deleteServicePathDryRun |
x | x | x | x | |
deleteServicePaths |
x | x | x | x | |
deleteServicePathsDryRun |
x | x | x | x | |
deviceModifications |
x | x | x | x | |
dryrunServiceInstance |
x | x | x | x | |
DryRunServiceWithFlags |
x | x | x | x | |
getDevicesInServiceInstance |
x | x | x | x | |
getInstance |
x | x | |||
getInstancesOfService |
x | x | x | x | |
getMergedServiceModelFields |
x | x | x | x | |
getServiceInstanceMap |
x | x | x | x | |
getServiceInstanceObjectTemplate |
x | x | x | x | |
getServiceModel |
x | x | x | x | |
getServiceModelDatabase |
x | x | x | x | |
getServiceModelFields |
x | x | x | x | |
getServiceModelFieldsForGroup |
x | x | x | x | |
getServiceModelMap |
x | x | x | x | |
getServicesDetails |
x | x | x | x | |
listServiceModels |
x | x | x | x | |
mapInstanceDataToModel |
x | x | x | x | |
reactiveRedeploy |
x | x | x | x | |
saveInstance |
x | x | x | x | |
saveInstances |
x | x | x | x | |
setServiceInstanceTenant |
x | x | x | x | |
testInstance |
x | x | x | x | |
testInstances |
x | x | x | x | |
updateNSOData |
x | x | x | x | |
updateServiceModelDatabase |
x | x | x | x |
| view | admin | engineering | operations | support | taskread | taskwrite | |
|---|---|---|---|---|---|---|---|
| Choose Hub-Site | /task/IWANChooseHub |
x | x | ||||
| Choose QOS | /task/IWANChooseQOS |
x | x | ||||
| Choose Site | /task/IWANChooseSite |
x | x | ||||
| Device Config | /deviceConfigDialog |
x | x | x | |||
| Dry Run | /dryRunDialog |
x | x | x | |||
| Dry Run | /task/DryRun |
x | x | ||||
| Out of Sync | /outOfSyncDialog |
x | x | x | |||
| Service Manager | / |
x | x | ||||
| Service Manager | /cloned_form |
x | x | ||||
| Service Manager | /edit |
x | x | ||||
| Service Manager | /form |
x | x | ||||
| Service Manager | /instances |
x | x | ||||
| Service Manager | /list |
x | x | ||||
| Service Manager | /view |
x | x | ||||
| Set Fields For Group | /task/SetFieldsForGroup |
x | x | ||||
| Set Fields For Group | /task/SetGroupData |
x | x | ||||
| View Dry Run | /task/ViewDryRun |
x | x | ||||
| View Dry Run Results | /task/ViewDryRunService |
x | x | ||||
| View Dry Run Results | /task/ViewTestService |
x | x | x | x | ||
| View Service Model | /task/ViewServiceModelForm |
x | x |
Task Worker
| API Method/Task | admin |
|---|---|
activate |
x |
deactivate |
x |
isActive |
x |
Template Builder
| API Method/Task | admin | apiread | other | readonly |
|---|---|---|---|---|
applyTemplates |
x | x | ||
createTemplate |
x | x | x | x |
deleteTemplate |
x | x | x | x |
duplicateTemplate |
x | x | x | x |
getTemplate |
x | x | x | x |
getTemplatesFiltered |
x | x | x | x |
importTemplate |
x | x | x | x |
parseTemplate |
x | x | x | x |
renderJinjaTemplate |
x | x | x | x |
templateDetails |
x | x | x | x |
templates |
x | x | x | x |
updateTemplate |
x | x | x | x |
Workflow Builder
| API Method/Task | admin | apiread | apiwrite | authorization | engineering | support |
|---|---|---|---|---|---|---|
createWorkflowGroupEntry |
x | |||||
deleteWorkflow |
x | x | x | |||
deleteWorkflowGroups |
x | |||||
exportWorkflow |
x | x | ||||
getTaskDetails |
x | x | x | |||
getTasksList |
x | x | x | |||
importWorkflow |
x | x | ||||
listWorkflowGroups |
x | x | ||||
removeWorkflowGroup |
x | |||||
renameWorkflow |
x | x | x | |||
replaceWorkflowGroups |
x | |||||
saveWorkflow |
x | x | x |
| view | admin | engineering | |
|---|---|---|---|
| About | /dialog/about |
x | x |
| Add Event Listener | /editEventListener |
x | x |
| Add New Job Variable | /editNewVariable |
x | x |
| Automation Studio | /edit |
x | x |
| Clone Workflow | /dialog/cloneWorkflow |
x | x |
| Create Workflow | /dialog/createWorkflow |
x | x |
| Edit Child Job | /editChildJob |
x | x |
| Edit Deep Merge | /editDeepMerge |
x | x |
| Edit Eval | /editEval |
x | x |
| Edit Merge | /editMerge |
x | x |
| Edit Push | /editPush |
x | x |
| Edit Shift or Pop | /editShiftPop |
x | x |
| Edit Task | /editTask |
x | x |
| Edit Transformation | /editTransformation |
x | x |
| Edit Transition | /editTransition |
x | x |
| Job Description | /dialog/jobDescription |
x | x |
| Reference Warning | /referenceWarn |
x | x |
| Select Task | /dialog/selectTask |
x | x |
| Set Variables | /dialog/setVariables |
x | x |
| Test Task | /task/TestTask |
x | x |
| View Schema | /viewSchema |
x | x |
| Workflow Settings | /dialog/workflowSettings |
x | x |
Workflow Engine
| API Method/Task | admin | apiread | apiwrite | authorization | engineering | support |
|---|---|---|---|---|---|---|
activate |
x | |||||
addDuration |
x | x | x | x | x | |
addWatchers |
x | x | ||||
arrayConcat |
x | |||||
arrayIncludes |
x | |||||
arrayIndexOf |
x | |||||
arrayLastIndexOf |
x | |||||
arrayLength |
x | |||||
arrayPop |
x | |||||
arrayPush |
x | |||||
arrayShift |
x | |||||
arraySlice |
x | |||||
arrayToLocaleString |
x | |||||
arrayToString |
x | |||||
assign |
x | |||||
calculateTimeDiff |
x | x | x | x | x | |
calculateWorkflowSchema |
x | x | x | x | ||
cancelJob |
x | x | x | x | ||
charAt |
x | |||||
charCodeAt |
x | |||||
checkWorkflowForJobVariables |
x | x | x | x | ||
childJob |
x | x | ||||
claimTask |
x | x | x | x | x | |
codePointAt |
x | |||||
convertEpochToObject |
x | x | x | x | x | |
convertTimeFormat |
x | x | x | x | x | |
convertTimeToEpoch |
x | x | x | x | x | |
convertTimezone |
x | x | x | x | x | |
copyWithin |
x | |||||
createJobGroupEntry |
x | |||||
deactivate |
x | |||||
decision |
x | x | ||||
deepmerge |
x | x | ||||
delay |
x | x | ||||
deleteJobGroups |
x | |||||
diffToHTML |
x | |||||
endsWith |
x | |||||
evaluation |
x | x | ||||
eventListener |
x | |||||
eventListenerJob |
x | |||||
extractField |
x | x | x | x | x | |
fill |
x | |||||
find |
x | x | ||||
findForwardPaths |
x | x | x | x | ||
finishManualTask |
x | |||||
fixJob |
x | x | ||||
FlattenJSONFormInput |
x | x | ||||
forEach |
x | x | ||||
getAllLoopTasks |
x | x | ||||
getAssociatedJobs |
x | x | ||||
getEntireJob |
x | x | ||||
getJob |
x | x | ||||
getJobDeep |
x | x | ||||
getJobDetails |
x | x | ||||
getJobFromTaskQuery |
x | x | ||||
getJobHistory |
x | x | ||||
getJobList |
x | x | ||||
getJobShallow |
x | x | ||||
getJobVisualizationData |
x | x | x | x | ||
getManualTaskController |
x | x | x | x | ||
getTask |
x | x | ||||
getTaskDetails |
x | x | ||||
getTaskIterations |
x | x | ||||
getTaskStatuses |
x | x | x | x | ||
getTime |
x | x | x | x | x | |
getWorkflowsDetailedByName |
x | x | x | x | ||
isActive |
x | |||||
isArray |
x | |||||
join |
x | |||||
keys |
x | |||||
listJobGroups |
x | x | ||||
localeCompare |
x | |||||
makeData |
x | x | ||||
map |
x | x | ||||
match |
x | |||||
merge |
x | x | ||||
modify |
x | x | ||||
newVariable |
x | x | ||||
normalize |
x | |||||
numberToString |
x | |||||
objectHasOwnProperty |
x | |||||
objectToString |
x | |||||
padEnd |
x | |||||
padStart |
x | |||||
parse |
x | |||||
parseInt |
x | |||||
pauseJob |
x | x | ||||
pop |
x | x | ||||
prepareMetricsLogs |
x | x | ||||
push |
x | x | ||||
query |
x | x | ||||
queryJobs |
x | x | ||||
queryTasksBrief |
x | x | ||||
releaseTask |
x | x | x | x | x | |
removeJobGroup |
x | |||||
repeat |
x | |||||
replace |
x | |||||
replaceJobGroups |
x | |||||
restCall |
x | x | ||||
resumeJob |
x | x | ||||
returnCompletedTaskData |
x | x | x | x | ||
reverse |
x | |||||
revertToTask |
x | x | ||||
runEvaluationGroup |
x | x | ||||
runEvaluationGroups |
x | x | ||||
runValidation |
x | x | x | x | x | |
search |
x | |||||
searchJobs |
x | x | ||||
searchTasks |
x | x | ||||
searchWorkflows |
x | x | ||||
setObjectKey |
x | |||||
shift |
x | x | ||||
sort |
x | |||||
split |
x | |||||
startJobWithOptions |
x | x | x | x | ||
startsWith |
x | |||||
stringConcat |
x | |||||
stringIncludes |
x | |||||
stringIndexOf |
x | |||||
stringLastIndexOf |
x | |||||
stringLength |
x | |||||
stringSlice |
x | |||||
stringValueOf |
x | |||||
stub |
x | x | ||||
substring |
x | |||||
toLocaleLowerCase |
x | |||||
toLocaleUpperCase |
x | |||||
toLowerCase |
x | |||||
toUpperCase |
x | |||||
transformation |
x | x | ||||
trim |
x | |||||
trimEnd |
x | |||||
trimStart |
x | |||||
unshift |
x | |||||
unwatchJob |
x | x | ||||
updateJobDescription |
x | x | ||||
validateAllLoops |
x | x | ||||
values |
x | |||||
watchJob |
x | x |
| view | admin | engineering | operations | |
|---|---|---|---|---|
| Active Jobs | /jobs |
x | x | |
| Active Tasks | / |
x | x | |
| Display Message with Data | /task/ViewData |
x | x | x |
| Error Handling | /task/ErrorHandling |
x | x | |
| Job Manager | /job |
x | x | |
| Job Manager | /manager |
x | ||
| Job Manager | /viewer |
x | ||
| Review Job Errors | /dialog/JobErrors |
x | x | x |
| Review Task Details | /dialog/TaskReview |
x | x | x |
| Review Task Options | /dialog/TaskOptions |
x | x | x |
| Task Manager | /task_manager |
x | ||
| View Diff | /task/ViewDiff |
x | x |