Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Create User Role

User roles specify permissions for working in the different areas of the Apstra environment. They can be specific to blueprints, parts of blueprints (as of Apstra version 5.0.0), or more general in nature. To customize a user's access and edit capability you'll assign roles to user profiles. Start by creating roles based on the permissions you want to control.
  1. From the left navigation menu of the Apstra GUI, navigate to Platform > User Management > Roles and click Create Role (or to copy an existing user role and customize it, click the Clone button for the user role to copy).
    The Create Role dialog opens (or the Clone Role dialog opens, as applicable).
  2. Enter a unique role name and (optional) description, then select permissions, as applicable.
    Note:

    Roles are either global, granular (per-blueprint) or tenant (routing zone and their inherited elements). Be careful. If you select permissions in one type, then click the radio button for another type, you'll lose the permissions you already set.

    Global Permissions pertain to Apstra details other than blueprint details. They include general blueprint read, write, commit and delete permissions as well as permissions for platform, external systems, resources, design, devices, and more. To add global permissions, select Global Permissions and toggle on/off one or more permissions.

    For example (circled in the image above), if another user has staged changes in a blueprint, that blueprint is locked for additional changes until that (unidentified) user commits or reverts the changes. You can create and assign a role that allows a user to see who made the changes and/or allow them to override those changes. (The admin role already has these permissions by default.)

    To grant permissions based on blueprints instead, select Granular Permissions, select either specific blueprints or All blueprints, then select one or more permissions that are datacenter-specific, freeform-specific or common to all blueprints.

    To grant permissions at the routing zone level instead, select Tenant Permissions, select either specific blueprints or All blueprints, select one or more tenants, then toggle on/off one or more permissions.

  3. Click Create to create the role and return to the Roles view.