Create restrict user

Hi all,

I want to create a new user for view only, restricted to the CDR tab and the realtime data tab.

please give me help
Yeti Admin ver: 1.9.9. Routing ver 20191018180427. CDR ver 20190707214813

Thanks

Hi.
Just add new role to /opt/yeti-web/config/policy_roles.yml and then assign it to user at web interface System->Admin Users

You have to restart yeti-web service to apply changes of /opt/yeti-web/config/policy_roles.yml

excellent

Thanks

Greetings Dmitry,
Can you share syntax/content to allow a network support user to only access Routing Simulation option/access?
Thanks

tried default file policy_roles.yml.distr to rename as policy_roles.yml but getting error like
/opt/yeti-web/config/policy_roles.yml:1: syntax error, unexpected ':', expecting end-of-input
user:
Error: popping nterm program (1.0-1.4: )

================

Ui Version 1.13.28
Routing Version 20250601164825
Cdr Version 20250321212727
Ruby 3.3.5/x86_64-linux/2024-09-03

Any suggestions ?

You could try

restricted_user:
  Routing/RoutingSimulation:
    read: true

Thanks Tried this but getting this error

tried default file policy_roles.yml.distr to rename as policy_roles.yml but getting error like
/opt/yeti-web/config/policy_roles.yml:1: syntax error, unexpected ':', expecting end-of-input
user:
Error: popping nterm program (1.0-1.4: )

================

Ui Version 1.13.28
Routing Version 20250601164825
Cdr Version 20250321212727
Ruby 3.3.5/x86_64-linux/2024-09-03

I tried debugging the issue and found these results

 # cat /opt/yeti-web/.ruby-version
3.3.5

&

cat /opt/yeti-web/Gemfile | grep "ruby"

source 'https://rubygems.org'
# can be switched back to the original repo after ruby 3 fix PR merged
gem 'excelinator', github: 'senid231/excelinator', branch: 'ruby3-fix'
# TODO: switch to the official gem from rubygems.org after the 0.9.13 release
gem 'sentry-ruby', require: false
GitHub - rubyconfig/config: Easiest way to add multi-environment yaml settings to Rails, Sinatra, Padrino and other Ruby projects.

Yeti requires Ruby 3.3.5, but the system has Ruby 3.1.2. This version mismatch is causing the YAML parsing issue. So I am not sure whether, if I upgrade the version from 3.1.2 to 3.3.5, it will affect the functionality of other scripts!

Please advise
Thanks

We provide support here for Yeti installed according to our documentation, from our Debian packages. If you installed it in some different way, like building from sources yourself or using another OS, we can't help you within this forum.

If your Yeti is installed according to our documentation, it uses Ruby 3.3.5 and your statement:

Yeti requires Ruby 3.3.5, but the system has Ruby 3.1.2. This version mismatch is causing the YAML parsing issue

is wrong. In this case you likely have an incorrect yml file. You are not providing it here, so it is not possible to check.

We followed exactly the way its documented

Ui Version 1.13.28
Routing Version 20250601164825
Cdr Version 20250321212727
Ruby 3.3.5/x86_64-linux/2024-09-03

& here is policy_roles.yml
user:
Default:
read: true
change: true
remove: true
perform: true
System/AdminUser:
change: false
remove: false
perform: false
System/AdminUser/Self:
remove: false
Cdr/Cdr:
allow_full_dst_number: false
recording: true
pcap: true
Report/CustomerAuthStatistic:
change: false
remove: false
perform: false
Gateway:
allow_incoming_auth_credentials: false
Dashboard:
read: true # should be true for all users
details: true # to control access to content of dashboard details page

reporter:
Default:
read: true

It doesn't look like YAML.

policy_roles.yml (509 Bytes)

Attached here- this is the exact replica of policy_roles.yml.distr

first line of policy_roles.yml.distr in version 1.13.28:

user:

first line of your file:

---

It doesn't look like an exact replica of policy_roles.yml.distr

Yes, you are correct. We tried to follow the 3.1.2 format, --- which is the beginning of the code. Removed it and the result is still the same.

# cat policy_roles.yml
user:
  Default:
    read: true
    change: true
    remove: true
    perform: true
  System/AdminUser:
    change: false
    remove: false
    perform: false
  System/AdminUser/Self:
    remove: false
  Cdr/Cdr:
    allow_full_dst_number: false
    recording: true
    pcap: true
  Report/CustomerAuthStatistic:
    change: false
    remove: false
    perform: false
  Gateway:
    allow_incoming_auth_credentials: false
  Dashboard:
    read: true
    details: true

reporter:
  Default:
    read: true

to test yaml file

# ruby -y policy_roles.yml

you can observe the issue persist

policy_roles.yml:1: syntax error, unexpected ':', expecting end-of-input
user:

No, I cannot. You are providing the output of ruby -y policy_roles.yml with a completely different version of Ruby. I need the error raised by our software. You have to start the yeti-web service and provide the error it returns.

Could you also explain why you are expecting ruby -y to parse YAML files?

changed policy_roles.yml

# cat policy_roles.yml
restricted_user:
  Routing/RoutingSimulation:
    read: true

restarted yeti-web and yeti-delayed-job

 systemctl restart yeti-web yeti-delayed-job

both services are running!

but landed in some other issue

# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# systemctl status yeti-web
● yeti-web.service - YETI system web interface
     Loaded: loaded (/lib/systemd/system/yeti-web.service; enabled; preset: enabled)
     Active: active (running) since Thu 2025-09-04 02:23:16 UTC; 10min ago
       Docs: https://yeti-switch.org/docs/
   Main PID: 1134 (bundle)
      Tasks: 30 (limit: 9468)
     Memory: 311.9M
        CPU: 6.055s
     CGroup: /system.slice/yeti-web.service
             ├─1134 "puma 6.5.0 (unix:///run/yeti/yeti-unicorn.sock) [/]"
             ├─1218 "puma: cluster worker 0: 1134 [/]"
             └─1223 "puma: cluster worker 1: 1134 [/]"

Sep 04 02:28:55 wholesale ruby[1218]: 2025-09-04 02:28:55.647658 I [1218:puma srv tp 002] {request_id: 919946b3-b196-440d-8455-18c6c8fa4581} Rails ->
Sep 04 02:28:55 wholesale ruby[1218]: 2025-09-04 02:28:55.647746 I [1218:puma srv tp 002] {request_id: 919946b3-b196-440d-8455-18c6c8fa4581} (2.942m>
Sep 04 02:29:21 wholesale ruby[1134]: [1134] 2025-09-04 02:29:21 +0000: PumaWorkerKiller: Consuming 677.0546875 mb with master and 2 workers.
Sep 04 02:30:03 wholesale ruby[1223]: 2025-09-04 02:30:03.172061 I [1223:puma srv tp 002] {request_id: b294dd9e-fab0-47d1-ac09-d2e817a8817b} (0.618m>
Sep 04 02:30:03 wholesale ruby[1223]: 2025-09-04 02:30:03.471819 I [1223:puma srv tp 001] {request_id: 3bbba43e-4c51-48bf-86d1-2b913d6420b3} (6.176m>
Sep 04 02:30:03 wholesale ruby[1223]: 2025-09-04 02:30:03.858848 I [1223:puma srv tp 002] {request_id: 7f2d4809-d08a-41c9-8f2d-0fee44f62ef2} (3.600m>
Sep 04 02:30:04 wholesale ruby[1223]: 2025-09-04 02:30:04.211685 I [1223:puma srv tp 001] {request_id: c912f4ca-b8f7-4f20-bb49-8dc82802d07b} (1.594m>
Sep 04 02:30:04 wholesale ruby[1218]: 2025-09-04 02:30:04.501545 I [1218:puma srv tp 001] {request_id: 388303eb-5a04-47c1-a1a7-0dc34a2b76bf} (2.406m>
Sep 04 02:31:21 wholesale ruby[1134]: [1134] 2025-09-04 02:31:21 +0000: PumaWorkerKiller: Consuming 677.7734375 mb with master and 2 workers.
Sep 04 02:33:21 wholesale ruby[1134]: [1134] 2025-09-04 02:33:21 +0000: PumaWorkerKiller: Consuming 677.93359375 mb with master and 2 workers.

restarted all services, but now web-admin does not turn up

can you suggest?

Okay, here is my observation- with the contents in policy_roles.yml

restricted_user:
  Routing/RoutingSimulation:
    read: true

it failed when restricted_user tries to login with the following issue

This page isn’t working at the moment
xxx.xxx.xxx.xx redirected you too many times.

but if we add the following under restricted_user:

restricted_user:
  Default:
    read: true
  Routing/RoutingSimulation:
    read: true

The Yeti web admin works with restricted_user, but all the menus are open for read (view) to the restricted_user. What if we want to restrict the roles of the restricted user to block viewing Dashboard/Profitability, Billing/Accounts etc., or only allow support-specific roles? How can we achieve this for a specific task/menu?

We assume the policy_roles are working fine, but in the absence of the correct policy/properties it is not able to load the dashboard as targeted and is throwing the error mentioned above.

Please advise; how we can achieve specific task/menu
Thanks

Any suggestions/feedback on this post would be highly appreciated!
Thanks
@dmitry.s @majidmrtg

I suggest you provide logs.
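
Added example, not part of the thread and not Yeti code: `ruby -y` enables the Ruby parser's debug trace and reads the file as Ruby source, so it cannot validate policy_roles.yml. The script below parses the text as YAML instead and reports, per role, what its Default section grants. Treating Default as the fallback for resources without their own section is an assumption based on the behaviour reported in this thread, and the sample policy is constructed.

```ruby
require "yaml"

# Constructed sample: a broad role and the restricted_user role from the thread.
SAMPLE_POLICY = <<~POLICY
  user:
    Default:
      read: true
      change: true
      remove: true
      perform: true
    System/AdminUser:
      change: false
  restricted_user:
    Default:
      read: true
    Routing/RoutingSimulation:
      read: true
POLICY

# Parse the text as plain YAML data (no object deserialization, no aliases).
# Returns [roles_hash, nil] on success or [nil, message] on failure.
def load_policy(text)
  data = YAML.safe_load(text, aliases: false)
  return [nil, "top level must be a mapping of role names"] unless data.is_a?(Hash)
  [data, nil]
rescue Psych::SyntaxError => e
  [nil, "YAML syntax error at line #{e.line}, column #{e.column}: #{e.problem}"]
end

# Per role: whether a Default section exists, which actions it sets to true
# (assumed to apply to every resource without its own section), and which
# resources the role names explicitly.
def audit_roles(roles)
  roles.map do |name, sections|
    sections = {} unless sections.is_a?(Hash)
    default = sections["Default"].is_a?(Hash) ? sections["Default"] : {}
    { role: name, has_default: sections.key?("Default"),
      default_grants: default.select { |_, v| v == true }.keys,
      explicit: sections.keys - ["Default"] }
  end
end

if __FILE__ == $PROGRAM_NAME
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_POLICY
  roles, err = load_policy(text)
  abort(err) if err
  audit_roles(roles).each { |r| puts r.inspect }
end
```

Pass the path to a policy file as the first argument to audit it instead of the embedded sample; any role whose `default_grants` is non-empty is broader than the resources it lists explicitly.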