User Group Permissions in SmartZone Devices

By combining the all resource groups with a permission level for each group, you can customize the administrator's privileges.

Resources are divided into the following groups:
  • SmartZone Management
  • AP Management
  • WLAN Management
  • User/Device/Application Management
  • Administrator Management
  • Managed Service or MVNO Management
  • Switch Management
There are four permission levels in each group:
  • No access
  • Read (read only permission level)
  • Modify (read and modify existing resources, cannot create new resource or delete existing resource)
  • Full access
Though resource groups are associated with domains, not all resource groups can be associated with any domain. Following are some restrictions:
Table 23 Resource Group-Domain Restrictions
Resource Group Domain Allowed
AP Management All Domains
WLAN Management All Domains
SmartZone Management System (MSP root)
Managed Service or MVNO Management System (MSP root)
User/Device/Application Management System (MSP root), Partner managed domains (Partner root)
Administrator Management System (MSP root), Partner managed domains (Partner root)
Table 24 Predefined Administrator Roles
Predefined Permissions Management
SmartZone AP WLAN User/Device/Application Administrator Managed Service or MVNO
Super Admin Full Access Full Access Full Access Full Access Full Access Full Access
System Admin Full Access Read Read Read Full Access No Access
Read-Only System Admin Read Read Read Read Read No Access
Network Admin Read Full Access Full Access Full Access No Access No Access
Read-Only Network Admin Read Read Read Read No Access No Access
AP Admin No Access Modify Modify Read No Access No Access
Guest Pass Admin No Access No Access No Access Full Access (Guest Pass, Guest Template, Subscription Package, Identity User) No Access No Access
Table 25 Relationship between Resource, Operation -Resource Group and Permission Levels
Resource Operation Resource Group Permission Levels
Dashboard Settings - Global Notification SZ Management Modify
Settings - Health Dashboard > Cluster SZ Management Modify
Settings - Health Dashboard > AP SZ Management Modify
Settings - Others SZ Management
Settings - User Preference Permitted after login
Cluster Cluster Backup SZ Management Full Access
Cluster Restore SZ Management Full Access
SZ Upgrade and AP firmware Upgrade SZ Management Full Access
Configuration Backup SZ Management Full Access
Configuration Restore SZ Management Full Access
Modify License Server Configuration SZ Management Modify
Update License (manual upload or manual sync with License Server) SZ Management Modify
View License Information (download, status, usage, installed licenses) SZ Management Read
AP Certificate Replacement SZ Management Modify
Restart/shutdown SZ SZ Management Full Access
Cluster Level Configuration
  • System Time
  • Syslog Server
  • SCI
  • northbound portal
View configuration content SZ Management Read
  • SMTP
  • FTP server for upload stats
  • Critical AP rules
  • Q-in-Q Ether Type
  • Gateway Advanced Options
  • Certificate Store
Modify configuration content SZ Management Modify
  • Cluster Redundancy(3.6)
  • SNMP Agent
  • Event Management
  • Event Threshold
  • Management Interface ACL
  • Hosted AAA services (EAP-SIM, EAP-AKA)
  • MNC-NDC Mappings
  • FTP
  • SMS Server
  • Approval (System > AP Settings > Approval)
  • AP Switchover
  • EPVOT (Ethernet Port Validate On Trunk)
  • Gateway advanced
  • ZeroIT
  • lwapp2scg

Create new configuration entity

Event Management : Disable/Enable

Cluster Redundancy - Rehome Per cluster, Restore Config, Switchover

SZ Management Full Access
CP/DP Node View node configuration SZ Management Read
Modify node configuration SZ Management Modify
Reset/Reboot/Remove Node SZ Management Full Access
Node level realtime monitor SZ Management Read
Node level historical stats SZ Management Full Access
Administrator Modify account Administrator Management Read
Create/Delete account Administrator Management Modify
View account content Administrator Management Modify
View Login captcha settings Administrator Management Full Access
Modify Login captcha settings Administrator Management Read
Administrator Group Modify administrator group Administrator Management Modify
Create/Delete Administrator Management Full Access
View administrator group content Administrator Management Read
Management Domain Modify domain Administrator Management Modify
Create/Delete Administrator Management Full Access
Move zone in/out of domain Administrator Management Modify

View group tree (hierarchical relationship among domain, zone and AP, limited information about domain, zone and AP such as id, name, MAC)

Administrator Management

Managed Service/MVNO Management

AP Management

WLAN Management

User/Device/Application Management

Read

View domain List

(limited information about the domain such as id and name)

Administrator Management

Managed Service/MVNO Management

AP Management

WLAN Management

User/Device/Application Management 		Read
Partner/Venue/MVNO Modify Partner, Venue, MVNO account Managed Service/MVNO Management Modify
Create/Delete Managed Service/MVNO Management Full Access
View Partner, Venue, MVNO account, Third Party UE Managed Service/MVNO Management Read
Partner, Venue, MVNO related historical stats Managed Service/MVNO Management Full Access
Zone/Zone Template Modify Zone AP Management Modify
Create/Delete AP Management Full Access
View AP Management Read
Apply zone template (grid action button) AP Management Read
Apply zone template AP Management Full Access
Zone related service/profile
  • Node affinity
  • Ruckus GRE Tunnel
  • SoftGRE Tunnel
  • IPsec Tunnel
  • LBS
  • Hotspot 2.0 Venue Profile
  • Ethernet Port Profile

Modify

Create/Delete

View configuration content

Move AP in/out zone

Get by Zone ID

AP Management

AP Management

AP Management

AP Management

AP Management

Modify

Full Access

Read

Full Access

Read

AP Group

Modify

AP Management

Modify

Create/Delete

AP Management

Full Access

View configuration content

AP Management

Read

Move AP in/out AP group

AP Management

Full Access

Modify associated WLAN group

AP Management and WLAN Management

Modify

AP Group related service/profile
LBS Modify AP Management Modify
Hotspot 2.0 Venue Profile Create/Delete AP Management Full Access
Ethernet Port Profile View configuration content AP Management Read
WLAN or WLAN Template Modify WLAN WLAN Management Modify
Create/Delete WLAN Management Full Access
View WLAN configuration content WLAN Management Read
Apply WLAN template (grid action button) WLAN Management

AP Management : READ &&WLAN Management : FULL_ACCESS

Read
Apply WLAN template WLAN Management

AP Management : READ &&WLAN Management : FULL_ACCESS

Full Access
WLAN related zone level service/profile
  • AAA
  • Hotspot
  • WeChat
  • Guest Access
Modify Test AAA WLAN Management Modify
  • Web Auth
  • Hotspot 2.0 WLAN Profile
  • WLAN scheduler
  • Device Policy
Create/Delete WLAN Management Full Access
  • L2 Access Control
  • DiffServ
  • VLAN Pooling
View configuration content WLAN Management Read
WLAN related level service/profile global
  • Authentication/Accounting Profile
  • AAA (authentication/accounting services)
  • Hotspot 2.0 Wi-Fi Operator
  • Hotspot 2.0 Wi-Fi Provider
  • Online Signup Portal
  • User Traffic Profile
  • Forwarding Profile (all types, e.g. Bridge,L2oGRE...)
  • Application Control (AVC)
  • DNS server services
  • URL Filtering
Modify Test AAA WLAN Management Modify
Create/Delete WLAN Management Full Access
View configuration content WLAN Management Read
Signature Package upload WLAN Management Full Access
Signature Package content WLAN Management Read
View Url Filtering Block Categories Permitted after login
View Url Filtering All Level Permitted after login
WLAN Group Modify WLAN Management Modify
Create/Delete WLAN Management Full Access
View configuration content WLAN Management Read
Add/Remove WLAN group member WLAN Management Modify
AP Pre-prevision AP, Delete AP, Move AP, Manual Approve AP and Reboot AP(cable modem) AP Management Full Access
Modify AP level configuration AP Management Modify
View AP level configuration content AP Management Read
Zone level: Extract zone template, Apply zone template, Change AP firmware and Trigger preferred node AP Management Full Access
AP Table:
  • Lock
  • Unlock
  • Import Batch Provisioning APs
  • Import Swapping APs
  • Trigger Preferred Node
  • Restart Cable Modem
  • Reset Cable Modem
  • Swap
  • Approve
AP Management Full Access
AP Table:
  • Export All Batch Provisioning APs
  • Export All Swapping APs
  • Download Support Log
  • Trigger AP Binary Log
  • Download CM Support Log
AP Management Read
Untag Critical APs AP Management Modify
Get All APs Firmware AP Management Read
Get AP Binary Log AP Management Read
AP Routine Status View Status/Config Interval SZ Management Read
Modify Status/Config Interval SZ Management Modify
AP related zone-level service/profile:
  • Bonjour Gateway
  • WIPS (Rogue AP Policy)
Modify AP Management Modify
Create/Delete AP Management Full Access
View configuration content AP Management Ready
Mark/Unmark Rogue APs AP Management Modify
AP Registration Rule Create/Modify/Delete AP Management Full Access
View configuration content AP Management Read
AP zero touch Execute action on AP through Mesh network AP Management Full Access
List discovered AP through Mesh network AP Management Read
User/Subscription Package Modify User/Device/Application Management Modify
Create/Delete User/Device/Application Management Full Access
View configuration content User/Device/Application Management Read
Guest Pass

Print

Export

Email

Mobile

User/Device/Application Management Read

Modify

Enable

Disable

User/Device/Application Management Modify
Create/Delete/Upload User/Device Application Management Full Access
View, print, text guest pass User/Device/Application Management Read
User Role Modify User/Device/Application Management Modify
Create User/Device/Application Management Full Access
View configuration content User/Device/Application Management Read
Client/Managed Devices

Delete/Block/Test Speed client or managed devices

Client page: stop/start real time chart

Disconnect

User/Device/Application Management Full Access
View client or managed devices User/Device/Application Management Read
Dynamic PSK (DPSK)

Batch Generate

Import CSV

Delete

Modify expired DPSK auto purge policy

User/Device/Application Management Full Access

View

View expired DPSK auto purge policy

User/Device/Application Management Read
Modify user name User/Device/Application Management Modify
Export CSV User/Device/Application Management Read
Rogue Device AP Management Read
Admin Activity Log Administrator Management Read
Admin > Access Control List SZ Management Full Access
Events & Alarms View All admin Read
Clear Permitted after login
Acknowledge Permitted after login
Create/Delete Permitted after login
Saved Report

AP Management

WLAN Management

SZ Management

Modify

Diagnostics > Scripts > Patch Scripts

Diagnostics > Scripts > Diagnostics Scripts

Super Admin only Full Access
Diagnostics > Scripts > AP CLI Scripts AP Management Full Access
Diagnostics > Scripts > Applications Logs Download log SZ Management Read
Set log level SZ Management Modify
Diagnostics > Others SZ Management Read
Historical Client Statistics View

User/Device/Application Management

AP management

Read
Core Tunnel Statistic (generated By DP)
  • Core Network Tunnel Stats > SoftGRE
  • Core Network Tunnel Stats > GRE
  • Core Network Tunnel Stats > GTP
  • Core Network Tunnel Stats > PMIPv6
SZ Management Read
Access Tunnel Statistics (generated By DP) SZ Management Read
Access Tunnel Statistics (generated by AP)
  • Ruckus AP Tunnel Stats > Ruckus GRE
  • Ruckus AP Tunnel Stats > SOFT GRE
  • Ruckus AP Tunnel Stats > SoftGRE + IPSec
AP Management Read
3rd Party AP Zone Modify 3rd party AP zone AP Management/ SZ Management Modify
Create/Delete AP Management/ SZ Management Full Access
View 3rd party zone configuration AP Management/ SZ Management Read
Session data of the UE in that zone User/Device/Application Management Full Access
Historical session data of the UE in that zone User/Device/Application Management Full Access
3rd Party > Hotspot AP Management/ SZ Management
3rd Party > Network Traffic Profile AP Management/ SZ Management
3rd Party > Q-in-Q Ether Type Create AP Management/ SZ Management Full Access
3rd Party > L2oGRE Create AP Management/ SZ Management Full Access
3rd Party WLAN Create/Delete AP Management/ SZ Management Full Access
Modify 3rd Party WLAN AP Management/ SZ Management Modify
Indoor Map Modify AP Management Modify
Create/Delete AP Management Full Access
View configuration content AP Management Read
Troubleshooting Client to AP AP Management Read
Manage User Agent Blacklist WLAN Management
Services & Profiles > Access Control > Client Isolation Whitelist WLAN Management
Services & Profiles > Access Control > Blocked Clients User/Device/Application Management
Services & Profiles > DHCP & NAT

DHCP Setting (AP)

DHCP Pools (AP)

AP Management, WLAN Management and SZ Management Full Access
Administration > ZD Migration Detail SZ Management Read
Data Plane Upload/Update - Calea Mac Setting/Customized Config SZ Management Modify
Create/Delete - Calea Related Setting/Customized Config SZ Management Full Access
View - Calea Related Setting/Customized Config/ DP Key SZ Management Read
Modify Zone Affinity Profile SZ Management/AP Management Modify
Create/Delete Zone Affinity Profile SZ Management/AP Management Full Access
View Zone Affinity Profile SZ Management/AP Management Read
Parent topic: Creating a User Role