Skip to content

Roles

ZEM has a role-based access control system that allows you to control what users can do on the platform. Each user can have one or more roles, and each role grants a set of permissions. These roles can be assigned to users on a per-site basis, but can also be automatically inherited from other roles.

A list of the current roles in ZEM can be found below:

Key English label Dutch label
admin_console Utilise admin console Admin console gebruiken
audit_log View audit log Audit log bekijken
change_passwords Change other users' passwords Wachtwoorden van andere gebruikers aanpassen
create_new_vpn_user_roles Add VPN user roles VPN gebruiker rollen toevoegen
create_tenants Create sites Locaties aanmaken
discover_switches Use switch discovery Switch discovery gebruiken
edit_pdf_templates Create and edit documentation templates Documentatie-templates aanmaken en bewerken
firewall_rules Modify firewall rules Firewall regels aanpassen
full_system_settings_access Create, read, update and remove arbitrary system settings Willekeurige systeem-instellingen aanmaken, uitlezen, bijwerken en verwijderen
import_deployment Use deployment feature Deployment-functie gebruiken
ip_overrides Override IP addresses IP adressen overschrijven
lock_devices Lock and unlock device(s) Apparaten vergrendelen en ontgrendelen
manage_appliances Manage On-Site Appliances On-Site Appliances beheren
manage_auth_integrations Enable access to this site via external authentication providers Toegang tot deze locatie via externe authenticatieproviders inschakelen
manage_backups Configure and create backups Back-ups configureren en aanmaken
manage_device_custom_port_config Manage custom port configurations Aangepaste poort-configuraties beheren
manage_device_profiles Manage device profiles Apparaatprofielen beheren
manage_compliance_policies Manage compliance policies Compliance policies beheren
manage_firmware_files manage_firmware_files manage_firmware_files
manage_firmware_update_schedules manage_firmware_update_schedules manage_firmware_update_schedules
manage_firmware_updates Manage firmware update schedules Beheer firmware-update schemas
manage_groups Manage groups Groepen beheren
manage_l3_filters Manage VLAN L3 filters VLAN L3 filters beheren
manage_network_graphs Manage network graphs Blokschema's beheren
manage_service_ports Manage service ports Service-poorten beheren
manage_shared_templates Managed template library Template-bibliotheek beheren
manage_stages Manage switch stages Switch-fases beheren
manage_switches Manage switches Switches beheren
manage_system_settings Manage system settings Systeem-instellingen beheren
manage_user_defined_intents Manage user-defined actions / buttons Acties / knoppen met aangepaste invoer beheren
manage_users Manage users Gebruikers beheren
manage_vlans Manage VLANs VLANs beheren
manage_vpn_users Manage VPN users VPN gebruikers beheren
port_config_ai Use experimental AI assistance for port configuration Experimentele AI-hulpmiddelen bij poort-configuratie gebruiken
public_api API access API-toegang
receive_security_notifications Receive security notifications Security-meldingen ontvangen
retrieve_vault_passwords Retrieve vault passwords Vault-wachtwoorden ophalen
run_compliance_checks Run compliance checks Compliance checks uitvoeren
syslog_export Export syslog data Syslog gegevens exporteren
syslog_search Search syslog data Syslog gegevens doorzoeken
tenant_transfer Import and export full sites Volledige locaties importeren en exporteren
toggle_service_ports Enable and disable service ports Service-poorten activeren en deactiveren
toggle_vpn_users Grant access to VPN users VPN gebruikers toegang geven
unguided Manually manipulate device relations ("unguided" mode) Apparaatrelaties handmatig aanpassen ("unguided mode")
update_switch_stage Specify switch progress (stage) Voortgang switch (fase) aanwijzen
view_device_port_config View device port configurations Poort-configuraties van apparaten bekijken
view_firmware_files view_firmware_files view_firmware_files
view_firmware_update_schedules view_firmware_update_schedules view_firmware_update_schedules
view_firmware_updates View firmware update schedule Firmware-update schema bekijken
view_l3_filters View VLAN L3 filters VLAN L3 filters bekijken
view_network_graphs View network graphs Blokschema's bekijken
view_users Access user overview Gebruikersoverzicht inzien
view_service_ports View service ports Service-poorten bekijken
view_service_port_log View service port log Service-poorten-log bekijken
view_vpn_users View VPN users VPN users bekijken
view_vpn_user_log View VPN user log VPN gebruikers-log bekijken

Role Inheritance

Roles can be inherited from other roles. This means that if a user has a role that inherits from another role, they will have all the permissions of the "child" roles in addition to any permissions granted by the "parent" role.

A diagram of the current role inheritance in ZEM can be found below:

flowchart LR subgraph Users and authentication change_passwords manage_auth_integrations manage_users view_users end subgraph VPN users create_new_vpn_user_roles manage_vpn_users toggle_vpn_users view_vpn_user_log view_vpn_users end manage_vpn_users["Manage VPN users (manage_vpn_users)"] toggle_vpn_users["Grant access to VPN users (toggle_vpn_users)"] manage_vpn_users --> toggle_vpn_users view_vpn_user_log["View VPN user log (view_vpn_user_log)"] manage_vpn_users --> view_vpn_user_log create_new_vpn_user_roles["Add VPN user roles (create_new_vpn_user_roles)"] manage_vpn_users --> create_new_vpn_user_roles toggle_vpn_users["Grant access to VPN users (toggle_vpn_users)"] view_vpn_users["View VPN users (view_vpn_users)"] toggle_vpn_users --> view_vpn_users audit_log["View audit log (audit_log)"] view_vpn_user_log["View VPN user log (view_vpn_user_log)"] audit_log --> view_vpn_user_log manage_device_custom_port_config["Manage custom port configurations (manage_device_custom_port_config)"] view_device_port_config["View device port configurations (view_device_port_config)"] manage_device_custom_port_config --> view_device_port_config discover_switches["Use switch discovery (discover_switches)"] manage_switches["Manage switches (manage_switches)"] discover_switches --> manage_switches full_system_settings_access["Create, read, update and remove arbitrary system settings (full_system_settings_access)"] manage_system_settings["Manage system settings (manage_system_settings)"] full_system_settings_access --> manage_system_settings manage_compliance_policies["Manage compliance policies (manage_compliance_policies)"] run_compliance_checks["Run compliance checks (run_compliance_checks)"] manage_compliance_policies --> run_compliance_checks manage_firmware_files["manage_firmware_files (manage_firmware_files)"] view_firmware_files["view_firmware_files (view_firmware_files)"] manage_firmware_files --> view_firmware_files manage_firmware_updates["Manage firmware update schedules (manage_firmware_updates)"] view_firmware_updates["View firmware update schedule (view_firmware_updates)"] manage_firmware_updates --> view_firmware_updates view_firmware_files["view_firmware_files (view_firmware_files)"] manage_firmware_updates --> view_firmware_files manage_firmware_update_schedules["manage_firmware_update_schedules (manage_firmware_update_schedules)"] view_firmware_update_schedules["view_firmware_update_schedules (view_firmware_update_schedules)"] manage_firmware_update_schedules --> view_firmware_update_schedules view_firmware_files["view_firmware_files (view_firmware_files)"] manage_firmware_update_schedules --> view_firmware_files manage_groups["Manage groups (manage_groups)"] manage_switches["Manage switches (manage_switches)"] manage_groups --> manage_switches manage_l3_filters["Manage VLAN L3 filters (manage_l3_filters)"] view_l3_filters["View VLAN L3 filters (view_l3_filters)"] manage_l3_filters --> view_l3_filters manage_shared_templates["Managed template library (manage_shared_templates)"] edit_pdf_templates["Create and edit documentation templates (edit_pdf_templates)"] manage_shared_templates --> edit_pdf_templates manage_stages["Manage switch stages (manage_stages)"] update_switch_stage["Specify switch progress (stage) (update_switch_stage)"] manage_stages --> update_switch_stage manage_users["Manage users (manage_users)"] view_users["Access user overview (view_users)"] manage_users --> view_users manage_service_ports["Manage service ports (manage_service_ports)"] view_service_ports["View service ports (view_service_ports)"] manage_service_ports --> view_service_ports toggle_service_ports["Enable and disable service ports (toggle_service_ports)"] manage_service_ports --> toggle_service_ports view_service_port_log["View service port log (view_service_port_log)"] manage_service_ports --> view_service_port_log syslog_export["Export syslog data (syslog_export)"] syslog_search["Search syslog data (syslog_search)"] syslog_export --> syslog_search tenant_transfer["Import and export full sites (tenant_transfer)"] manage_backups["Configure and create backups (manage_backups)"] tenant_transfer --> manage_backups create_tenants["Create sites (create_tenants)"] tenant_transfer --> create_tenants toggle_service_ports["Enable and disable service ports (toggle_service_ports)"] view_service_ports["View service ports (view_service_ports)"] toggle_service_ports --> view_service_ports root["root (root)"] admin_console["Utilise admin console (admin_console)"] root --> admin_console audit_log["View audit log (audit_log)"] root --> audit_log change_passwords["Change other users' passwords (change_passwords)"] root --> change_passwords discover_switches["Use switch discovery (discover_switches)"] root --> discover_switches firewall_rules["Modify firewall rules (firewall_rules)"] root --> firewall_rules full_system_settings_access["Create, read, update and remove arbitrary system settings (full_system_settings_access)"] root --> full_system_settings_access import_deployment["Use deployment feature (import_deployment)"] root --> import_deployment ip_overrides["Override IP addresses (ip_overrides)"] root --> ip_overrides lock_devices["Lock and unlock device(s) (lock_devices)"] root --> lock_devices manage_appliances["Manage On-Site Appliances (manage_appliances)"] root --> manage_appliances manage_auth_integrations["Enable access to this site via external authentication providers (manage_auth_integrations)"] root --> manage_auth_integrations manage_device_custom_port_config["Manage custom port configurations (manage_device_custom_port_config)"] root --> manage_device_custom_port_config manage_device_profiles["Manage device profiles (manage_device_profiles)"] root --> manage_device_profiles manage_compliance_policies["Manage compliance policies (manage_compliance_policies)"] root --> manage_compliance_policies manage_firmware_files["manage_firmware_files (manage_firmware_files)"] root --> manage_firmware_files manage_firmware_update_schedules["manage_firmware_update_schedules (manage_firmware_update_schedules)"] root --> manage_firmware_update_schedules manage_firmware_updates["Manage firmware update schedules (manage_firmware_updates)"] root --> manage_firmware_updates manage_groups["Manage groups (manage_groups)"] root --> manage_groups manage_l3_filters["Manage VLAN L3 filters (manage_l3_filters)"] root --> manage_l3_filters manage_network_graphs["Manage network graphs (manage_network_graphs)"] root --> manage_network_graphs manage_service_ports["Manage service ports (manage_service_ports)"] root --> manage_service_ports manage_shared_templates["Managed template library (manage_shared_templates)"] root --> manage_shared_templates manage_stages["Manage switch stages (manage_stages)"] root --> manage_stages manage_user_defined_intents["Manage user-defined actions / buttons (manage_user_defined_intents)"] root --> manage_user_defined_intents manage_users["Manage users (manage_users)"] root --> manage_users manage_vlans["Manage VLANs (manage_vlans)"] root --> manage_vlans manage_vpn_users["Manage VPN users (manage_vpn_users)"] root --> manage_vpn_users port_config_ai["Use experimental AI assistance for port configuration (port_config_ai)"] root --> port_config_ai public_api["API access (public_api)"] root --> public_api receive_security_notifications["Receive security notifications (receive_security_notifications)"] root --> receive_security_notifications retrieve_vault_passwords["Retrieve vault passwords (retrieve_vault_passwords)"] root --> retrieve_vault_passwords syslog_export["Export syslog data (syslog_export)"] root --> syslog_export tenant_transfer["Import and export full sites (tenant_transfer)"] root --> tenant_transfer unguided["Manually manipulate device relations (unguided mode) (unguided)"] root --> unguided view_network_graphs["View network graphs (view_network_graphs)"] root --> view_network_graphs classDef nodeStyle padding:2px,fill:#389ed8,stroke:#2e6c84,color:#fff,stroke-width:2px class admin_console,audit_log,change_passwords,create_new_vpn_user_roles,create_tenants,discover_switches,edit_pdf_templates,firewall_rules,full_system_settings_access,import_deployment,ip_overrides,lock_devices,manage_appliances,manage_auth_integrations,manage_backups,manage_device_custom_port_config,manage_device_profiles,manage_compliance_policies,manage_firmware_files,manage_firmware_update_schedules,manage_firmware_updates,manage_groups,manage_l3_filters,manage_network_graphs,manage_service_ports,manage_shared_templates,manage_stages,manage_switches,manage_system_settings,manage_user_defined_intents,manage_users,manage_vlans,manage_vpn_users,port_config_ai,public_api,receive_security_notifications,retrieve_vault_passwords,run_compliance_checks,syslog_export,syslog_search,tenant_transfer,toggle_service_ports,toggle_vpn_users,unguided,update_switch_stage,view_device_port_config,view_firmware_files,view_firmware_update_schedules,view_firmware_updates,view_l3_filters,view_network_graphs,view_users,view_service_ports,view_service_port_log,view_vpn_users,view_vpn_user_log nodeStyle