HPE Aruba Networking Central User Roles in the HPE GreenLake Portal

A role refers to a logical entity used for determining user access to the features available in HPE Aruba Networking Central. Users are always tagged to roles that govern the level of user access to the HPE Aruba Networking Central app and services.

HPE GreenLake supports a set of built-in HPE Aruba Networking Central roles with different privileges and access permissions. You can also configure custom roles.

If a user's role assignment, including the restricted resource restriction policy (RRP) mapping, has already been configured for the New HPE Aruba Networking Central application, then when a new region is provisioned under the existing account, the user must update the RRP list to include the groups associated with the newly provisioned region. This ensures uninterrupted access to HPE Aruba Networking Central for the newly added region.

If the previous role assignment provided unrestricted or full access, then when a New HPE Aruba Networking Central account is provisioned in the new region, the user should automatically receive full access based on the role definition, without needing to update or create any Resource Restriction Policy (RRP).

For more information about managing users and roles in the HPE GreenLake portal, see the Manage section in the HPE GreenLake Edge to Cloud Platform User Guide.

Predefined Roles

HPE GreenLake allows you to assign the following built-in roles to HPE Aruba Networking Central users.

Table 1: Predefined Roles
Role	Privilege
Administrator	Administrator for the HPE Aruba Networking Central app. Has access to all menu options as well as the monitoring and configuration pages.
View Only	Has view only access to the HPE Aruba Networking Central app.
Guest Operator	Has edit and view access to the guest module in the HPE Aruba Networking Central app.
Operator	Has view access to the HPE Aruba Networking Central app. Has edit and view access to the troubleshooting module in the HPE Aruba Networking Central app.
View edit Role	Has edit and view access to all menu options as well as the monitoring and configuration pages.

Custom Roles with Resource Permissions

HPE GreenLake allows you to create custom roles and assign edit or view permissions to resources in HPE Aruba Networking Central. Some resources have sub-resources. You can also block user access to some resources or sub-resources in HPE Aruba Networking Central. To block access to a specific resource, you must remove both the edit and view permissions for that resource. If a resource is blocked for a specific role, the corresponding pages are not displayed on the UI.

HPE GreenLake supports setting permissions for the following HPE Aruba Networking Central resources.

Table 2: Resource Permissions
Resource	Permission
AirGroup	Can view, edit, or block user access to the AirGroup pages.
Device Profiling	Can view, edit, or block user access to the Device Profiling pages and the following sub-resources for Device Profiling: Device Profiling Application Settings Device Profiling Classified Devices Device Profiling Clients Profile Device Profiling Discovery Settings Device Profiling Generic Devices Device Profiling Reports Device Profiling User Classified Devices
Group Management Service	Can view, edit, or block user access to the group management and group scope pages.
Guest Service	Can view, edit, or block user access to the cloud guest splash page profiles.
Install Manager	Can view, edit, or block user access to the install manager pages.
Label Management Service	Can view, edit, or block user access to the label management pages.
MSP Service	Can view, edit, or block user access to the MSP pages.
Net Insight	Can view, edit, or block user access to the NetInsight Campus App dashboard.
NMS Service	Can view, edit, or block user access to the Network Management services, including: NMS Network Management System. NMS is a set of hardware and/or software tools that allow an IT professional to supervise the individual components of a network within a larger network management framework. Service Alerts and Events NMS Service Apprf NMS Service Configuration NMS Service Privileged Configuration NMS Service Configuration Variables NMS Group Level Access NMS Service Firmware NMS Service Troubleshooting
Other Applications	Can view, edit, or block user access to other applications modules such as notifications and Virtual Gateway deployment service.
Presence	Can view, edit, or block user access to the Presence Analytics app and analyze user presence data.
Reports	Can view, edit, or block user access to view and create reports.
Site Management Service	Can view, edit, or block user access to the site management pages.
UC	Can view, edit, or block user access to the Unified Communications pages.
VisualRF	Can view, edit, or block user access to the floor plans and RF Radio Frequency. RF refers to the electromagnetic wave frequencies within a range of 3 kHz to 300 GHz, including the frequencies used for communications or Radar signals. heatmaps.

The following animation shows you how to create custom role and assign permissions on the HPE GreenLake portal.