Users may be defined locally, or remotely on an external AAA server (for example TACACS+, RADIUS or LDAP).
When remote authentication is configured and if and only if the external AAA service is down, Lighthouse will fall back to local user authentication for added resilience.
User permissions are always assigned by Groups defined centrally on Lighthouse. These Groups are associated with Roles (which set the permission level) and Linked Smart Groups (which set the permission scope).
Roles define the permission level of a Group's users. Each Group may have one of the following Roles.
Lighthouse Administrator: The Lighthouse Administrator Role is assigned to Groups whose members need to manage and maintain Lighthouse itself. Members have complete control of Lighthouse and access to all Nodes.
Node Administrator: The Node Administrator Role is assigned to Groups that need to manage and maintain a set of Nodes. Each Group with the Node Administrator Role also must have a Linked Smart Group which defines this set of Nodes.
Node User: The Node User Role is assigned to Groups that need basic access to a set of Nodes. Each Group with the Node User Role also must have a Linked Smart Group which defines this set of Nodes.
Linked Smart Groups
Smart Groups select Nodes automatically and dynamically according to metadata Tags and Configuration. Node Administrator and Node User Groups use Smart Groups to define the set of Nodes which the Group has permissions over.