Assigning User Permissions

Create user permissions by assigning security roles. These roles regulate access to the web UI and the REST API to exchange monitoring and inventory information. In a distributed installation the Minion instance requires the ROLE_MINION permission to interact with Meridian.

Table 1. Built-in security roles (those with an asterisk are the most commonly used)
Security Role Name Description


Permissions to create, read, update, and delete in the web UI and the ReST API.


Permissions only to update the asset records from nodes.


Allow user access only to the dashboard.


Allow actions (such as acknowledging an alarm) to be performed on behalf of another user.


Allow user to edit flow classifications.


Allow retrieving JMX metrics but do not allow executing MBeans of the Meridian JVM, even if they just return simple values.


Minimum required permissions for a Minion to operate.


Allow user to use OpenNMS COMPASS mobile application to acknowledge alarms and notifications via the REST API.


Allow user to use the provisioning system and configure SNMP in Meridian to access management information from devices.


User limited to reading information in the web UI; unable to change alarm states or notifications.


Permissions to manage reports in the web UI and REST API.


Allow users to interact with the entire Meridian REST API.


Exchange information with the Meridian Real-Time Console for availability calculations.


Default permissions for a new user to interact with the web UI: can escalate and acknowledge alarms and notifications.

Assigning roles to users

  1. Log in as a user with administrative permissions.

  2. Click the gear icon in the top right.

  3. Choose Configure OpenNMS  Configure Users, Groups and On-Call Roles  Configure Users.

  4. Click the modify icon next to the user you want to update.

  5. Select the role from Security Roles  Available Roles.

  6. Click Add to assign the security role to the user.

  7. Click Finish to apply the changes.

  8. Log out and log in to apply the new security role settings.

Creating custom security roles

To create a custom security role you need to define the name and specify the security permissions.

  • Create a file called $OPENNMS_HOME/etc/

  • Add a property called roles, and for its value, a comma-separated list of the custom security roles, for example:


To define permissions associated with the custom security role, manually update the application context of the Spring security here: