User groups and access authorization

For switch resources, the access authorization granted to a user is determined by the group to which the user belongs. Each user group is assigned a number that represents a privilege level. This number identifies the user group in logs and wherever the group name is too long to display.

The following predefined user groups are supported:

| User group | Privilege level | Description |
|---|---|---|
| operators | 1 | Authorized for read access to non-sensitive data. |
| administrators | 15 | Authorized for read and write access to all switch resources. Write access also requires that the REST API is in read/write access mode. |
| auditors | 19 | Authorized for read access to audit log (/logs/audit) and event log (/logs/event) resources only. |

All users can access the POST method of the /login and /logout resources. However, login requests fail if the user is not a member of one of the predefined user groups. For example, a login attempt by a member of a user-defined local user group fails.

If a user attempts a request for which they are not authorized, the switch returns an HTTP 403 "Forbidden" error.

If an authorized user attempts a write request but the REST API is in read-only mode, the switch returns an HTTP 404 "Page not found" error.
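The rules above can be written down as an expected-result model and compared against responses recorded during an access-control review. This is an added example, not code from the switch or its vendor. It assumes paths are given as written on this page, that POST, PUT, PATCH and DELETE are the write methods, that the 403 check comes before the read-only 404 check, and it uses a placeholder `/example/sensitive` for the sensitive resources the page does not list.

```python
"""Model of the authorization rules stated on this page (added example)."""

PREDEFINED_GROUPS = {"operators": 1, "administrators": 15, "auditors": 19}
AUDITOR_PATHS = ("/logs/audit", "/logs/event")
SESSION_PATHS = ("/login", "/logout")
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}  # assumption, not from the page
# Assumption: the page does not list the sensitive resources; placeholder only.
SENSITIVE_PATHS = ("/example/sensitive",)
ALLOWED = "allowed"


def _under(path, roots):
    """True if path is one of the roots or a sub-resource of one."""
    return any(path == r or path.startswith(r + "/") for r in roots)


def can_log_in(group):
    # Members of user-defined groups cannot log in, whatever their level.
    return group in PREDEFINED_GROUPS


def expected_result(group, method, path, rest_mode="read-write"):
    """Return ALLOWED, 403 or 404 for a logged-in member of a predefined group."""
    if group not in PREDEFINED_GROUPS:
        raise ValueError(f"{group!r} cannot hold a session")
    method = method.upper()
    if method == "POST" and path in SESSION_PATHS:
        return ALLOWED
    write = method in WRITE_METHODS
    # Access follows the group, not the size of the privilege number:
    # auditors (19) can reach less than administrators (15).
    if group == "administrators":
        authorized = True
    elif group == "auditors":
        authorized = not write and _under(path, AUDITOR_PATHS)
    else:  # operators
        authorized = not write and not _under(path, SENSITIVE_PATHS)
    if not authorized:
        return 403  # checked first: the 404 rule applies to authorized users
    if write and rest_mode == "read-only":
        return 404
    return ALLOWED


def mismatches(observations, rest_mode="read-write"):
    """observations: (group, method, path, observed) tuples from a test run."""
    return [o for o in observations
            if expected_result(o[0], o[1], o[2], rest_mode) != o[3]]
```

Any tuple returned by `mismatches` marks a request where the recorded response differs from what the rules on this page predict and is worth investigating.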