User Role Use Cases
Use Cases Overview
The following use cases are described below. (Screenshots are from Apstra version 4.1.1 and look slightly different from version 4.1.2.)
- Use Case 1: Read, Write and Commit Specific Blueprints
- Use Case 2: Manage VN Endpoints on Specific Blueprints
- Use Case 3: Create Virtual Networks (not Including Allocating Resources)
- Use Case 3A: Create Virtual Networks and Allocate Resources
- Use Case 4: Read and Write Resources on All Blueprints
Use Case 1: Read, Write and Commit Specific Blueprints
To create a role that gives a user permission to read, write, and commit to specific blueprints, select Per-Blueprint Permissions, select one or more blueprint IDs (or All for all blueprints), then toggle on Read blueprint, Make any change to staging blueprint, and Commit changes. The changes that this role permits include those covered by Manage virtual networks and Manage virtual network endpoints, whether or not those two permissions are toggled on.
Use Case 2: Manage VN Endpoints on Specific Blueprints
To create a role that gives a user permission to only manage virtual network endpoints on specific blueprints, select Per-Blueprint Permissions, select one or more blueprint IDs (or All for all blueprints), then toggle on Manage virtual network endpoints.
Use Case 3: Create Virtual Networks (not Including Allocating Resources)
To create a role that gives a user permission to only create virtual networks, select Per-Blueprint Permissions, select one or more blueprint IDs (or toggle on All for all blueprints), then toggle on Read blueprint, Commit changes, Manage virtual networks, and Manage virtual network endpoints. By not selecting Make any change to staging blueprint, you limit the changes that can be made to virtual networks only.
Use Case 3A: Create Virtual Networks and Allocate Resources
For a user with the role in use case 3 above to be able to allocate resources to the virtual networks that they create, they must also be assigned two additional roles: one with global permissions to read and write resources (see use case 4 below) and another with per-blueprint permissions to Make any change to staging blueprint, which effectively gives them access to make other changes in addition to changes to virtual networks. This second role is not needed if the role for creating virtual networks also enables Make any change to staging blueprint.
Use Case 4: Read and Write Resources on All Blueprints
To create a role that gives a user permission to read and write resources on any blueprint, select Global Permissions, then toggle on Resources for Read and Write, which toggles on all resource types.
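How the roles from use cases 3, 3A and 4 combine into one effective permission set is shown in the following added example, which is not Apstra code and does not use the Apstra API. The permission strings mirror the toggles named on this page; the Role data model, the role names and the blueprint ID bp-example-1 are assumptions constructed for illustration.

```python
# Added illustration: permission names mirror the UI toggles on this page;
# the data model, role names and blueprint IDs are constructed, not the Apstra API.
from dataclasses import dataclass

ANY_CHANGE = "Make any change to staging blueprint"
VN = "Manage virtual networks"
VN_EP = "Manage virtual network endpoints"
RES_R, RES_W = "Resources: Read", "Resources: Write"

# Use case 1: ANY_CHANGE covers VN and endpoint changes even if untoggled.
IMPLIES = {ANY_CHANGE: {VN, VN_EP}}

@dataclass(frozen=True)
class Role:
    name: str
    permissions: frozenset
    blueprints: frozenset = frozenset()   # empty and not all_blueprints = global role
    all_blueprints: bool = False

    def applies_to(self, blueprint_id):
        is_global = not self.blueprints and not self.all_blueprints
        return is_global or self.all_blueprints or blueprint_id in self.blueprints

def effective(roles, blueprint_id):
    """Union of the permissions of every role that applies to this blueprint."""
    perms = set()
    for role in roles:
        if role.applies_to(blueprint_id):
            perms |= role.permissions
    for parent, children in IMPLIES.items():
        if parent in perms:
            perms |= children
    return perms

def can_allocate_resources(roles, blueprint_id):
    """Use case 3A: VN role plus global resource read/write plus ANY_CHANGE."""
    return {RES_R, RES_W, ANY_CHANGE, VN} <= effective(roles, blueprint_id)

def limited_to_virtual_networks(roles, blueprint_id):
    """True while the user can change virtual networks but nothing else."""
    perms = effective(roles, blueprint_id)
    return VN in perms and ANY_CHANGE not in perms

# Constructed roles for use case 3, use case 4 and the extra role from 3A.
UC3 = Role("vn-creator", frozenset({"Read blueprint", "Commit changes", VN, VN_EP}),
           frozenset({"bp-example-1"}))
UC4 = Role("resources-rw", frozenset({RES_R, RES_W}))
UC3A_EXTRA = Role("staging-any", frozenset({ANY_CHANGE}), frozenset({"bp-example-1"}))
```

When reviewing role assignments, the point to check is that a user holding all three roles is no longer limited to virtual network changes on the blueprints the third role covers.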