01-03 DMS User Management

iManager N2000 DMS Datacomm Network Management System Administrator Guide
Contents
Contents
3 DMS User Management ...........................................................................................................3-1
3.1 Basic Concepts ..............................................................................................................................................3-2 3.1.1 User......................................................................................................................................................3-2 3.1.2 User Group...........................................................................................................................................3-2 3.1.3 Operation Set .......................................................................................................................................3-3 3.1.4 ACL......................................................................................................................................................3-3 3.1.5 Managed Domain.................................................................................................................................3-3 3.1.6 Operation Rights ..................................................................................................................................3-3 3.1.7 Authority and Domain Based Management .........................................................................................3-4 3.1.8 User Right Allocation Policy ...............................................................................................................3-4 3.2 Creating User Flow Chart .............................................................................................................................3-5 3.3 Creating an Operation Set .............................................................................................................................3-6 3.4 Creating a User Group...................................................................................................................................3-8 3.5 Creating a User............................................................................................................................................3-13 3.5.1 Adding a User ....................................................................................................................................3-13 3.5.2 Adding Users to a User Group ...........................................................................................................3-16 3.5.3 Setting User ACL Rights....................................................................................................................3-17 3.5.4 Granting the Managed Domain to a User...........................................................................................3-19 3.5.5 Granting Operation Rights to a User..................................................................................................3-20 3.6 Forcing a User to Exit .................................................................................................................................3-21 3.7 Sending a Message to Selected Client.........................................................................................................3-22 3.8 Configuration Example for Authority and Domain Based Management.....................................................3-22 3.8.1 Application Scenario ..........................................................................................................................3-22 3.8.2 Configuration Roadmap.....................................................................................................................3-23 3.8.3 Configuration Guide ..........................................................................................................................3-24 3.8.4 Verifying the Configuration Example ................................................................................................3-29
Issue 02 (2007-10-15)
Huawei Technologies Proprietary
Figures
Figures
Figure 3-1 Complete flow chart of creating a user .............................................................................................3-6 Figure 3-2 New operation set .............................................................................................................................3-7 Figure 3-3 Adding operations.............................................................................................................................3-8 Figure 3-4 Creating a new user group ................................................................................................................3-9 Figure 3-5 Adding users ................................................................................................................................... 3-11 Figure 3-6 Setting the managed domain of the user group...............................................................................3-12 Figure 3-7 Adding rights ..................................................................................................................................3-13 Figure 3-8 New users .......................................................................................................................................3-14 Figure 3-9 Advanced information of the users .................................................................................................3-16 Figure 3-10 Adding user groups .......................................................................................................................3-17 Figure 3-11 Adding an ACL .............................................................................................................................3-18 Figure 3-12 Granting the managed domain to a user .......................................................................................3-20 Figure 3-13 Granting operation rights to a user................................................................................................3-21 Figure 3-14 Network planning diagram ...........................................................................................................3-23 Figure 3-15 Management range of the state or provincial user ........................................................................3-24 Figure 3-16 Operation flowchart ......................................................................................................................3-24 Figure 3-17 Setting managed domain for the core monitor group....................................................................3-25 Figure 3-18 Setting the managed domain for the user of User-1......................................................................3-26 Figure 3-19 Setting operation authorities for User Group-1.............................................................................3-27 Figure 3-20 Creating a user ..............................................................................................................................3-28 Figure 3-21 Topology view for the User-1 .......................................................................................................3-29
ii
Issue 02 (2007-10-15)
Tables
Tables
Table 3-1 Security attribute of a user..................................................................................................................3-4 Table 3-2 Parameter description in the new operation set dialog box ................................................................3-7 Table 3-3 Parameter description in the create new user group dialog box .......................................................3-10 Table 3-4 Parameter description of adding new users ......................................................................................3-14
Issue 02 (2007-10-15)
iii
3 DMS User Management
3
About This Chapter
Section 3.1 Basic Concepts 3.2 Creating User Flow Chart 3.3 Creating an Operation Set 3.4 Creating a User Group 3.5 Creating a User
DMS User Management
The following table shows the contents of this chapter. Description This section describes related concepts of DMS user management. This section describes the operation flow chart of creating a user. This section describes how to create an operation set. This section describes how to create a user group. This section describes how to create a user group, allocate users to the user group, set rights of accessing the user address, and allocate the managed domain and operation rights to the user. This section describes how to force a current user to exit. This section describes how to send a message to the selected client. This section describes how to configure example for authority and domain based management.
3.6 Forcing a User to Exit 3.7 Sending a Message to Selected Client 3.8 Configuration Example for Authority and Domain Based Management
Issue 02 (2007-10-15)
3-1
3.1 Basic Concepts

3.1.1 User
DMS users are divided into three kinds: the default admin user, the default corba user, and the other DMS users. After you install the DMS, two default users, the admin user and corba user, are created.
The cobra user is created only after you install the northbound interface components.
admin
The admin user has the highest authority to the DMS and can manage the DMS. When you log in to the DMS for the first time as admin, the default password is N2000. After clicking Login, the system forces you to change the password.
corba
The corba user is used to connect the third party software. The corba user can complete the connection between the third party software and the DMS. The default password is corbaagent. Change the password as soon as possible. By default, the user has no managed domains or operation rights. Generally, the administrator does not need to change the rights of the corba user. Modify the Access Control List (ACL) when the third party NMS is connected to the DMS. For details, see 3.5.3 "Setting User ACL Rights."
Other DMS users

The differences between users are described as follows: The admin user has all operation rights. You do not need to grant rights to the admin user. Only the admin user can assign and modify the security operation rights, create and modify the security user group, and create and delete the security administrator. By default, a DMS server allows only one admin user to log in. You need to grant rights to the corba user. A DMS server allows two or more corba users to log in at the same time. The other DMS users are created by the admin user or the users who have the security management rights. A DMS server allows two or more users to log inn at the same time.
3.1.2 User Group

The user group is group in the device and used to control the access of the user to the network. The DMS provides three default user groups as follows: Maintainer group: Performs the daily maintenance operations. Operator group: Performs the query and configuration operations.
3-2
Issue 02 (2007-10-15)
Monitor group: Performs the query operation. If a user group has the management access to a sub-map, the user group has the management access to all devices in the sub-map.
3.1.3 Operation Set

An operation set is a group of operations. It is a set of operations that are performed on the DMS by the corresponding users. One operation set may contain multiple operations. One operation may belong to multiple operation sets. The NMS predefines different operation sets to different operation types. For the system default operation set, modifying and deleting are not allowed.
3.1.4 ACL
The Access Control List (ACL) is the security mechanism that allows users to log in to the DMS only from a certain IP address or network segment. Security control is achieved at two layers as follows: System ACL You can only select the IP address (IP address network segment), which is used to log in to the DMS server, from some ACL. This ACL is called the system ACL. User ACL Select the IP addresses, which the user can access, to form the user ACL. By the security control at two layers, you can effectively control the IP address, through which the user can log in to the DMS server. Even if the user account and password are embezzled at the same time, the embezzler cannot log in to the DMS server. This ensures the security of the DMS.
3.1.5 Managed Domain

The managed domain specifies the range of devices that a user can manage, or the range of devices that a user group can manage. The limit to the use of the managed domain is shown as follows: A new created user has no rights to manage any resources by default. Common users cannot assign the managed domain to the admin user or to themselves. The devices that a user has no management access are not displayed on the topology view. If a user has no management access to a device, the user cannot obtain the operation access.
3.1.6 Operation Rights

Operation rights specify the operations that a user can perform. The operation rights vary with the operation objects. If a device is not in the managed domain of a user, the user has no rights to operate the device.
Issue 02 (2007-10-15)
3-3
3.1.7 Authority and Domain Based Management

The NMS provides authority and domain based management, which allows different users to manage different objects. Thus, departments from different domains and levels can manage the network coordinately. The authority and domain based management encompasses two parts: authority management and domain management.
Domain Management
Domain management is to classify device nodes, services, or data into different domains, and assign the management authorities to the domain administrator. Then, the managed objects of the domain administrator can be controlled.
Authority Management
Authority management is to classify authorities into different levels such as maintenance authority, operation authority, and monitoring authority. Through the authentication, a user account is valid only in a certain domains and cannot manage other domains.
3.1.8 User Right Allocation Policy

The security attributes of a user include the login time segment, locked status, and bound IP address. For the description of attributes and related operations, see Table 3-1. Table 3-1 Security attribute of a user Right Login time segment Description According to the login time segment, you can control the time when the user logs in to the DMS server. When the user fails to login within the specified attempts (3 attempts by default), the account is locked. The locked user cannot log in to the DMS. Generally, the DMS does not limit the IP address of the client that the user logs in to. Once the user binds the IP address, the IP address of the client, which the user logs in to, must be bound to the IP address list. Operation When creating a user account, configure the information of login time segment. When the time for the locked status exceeds the set time (30 minutes by default), the system automatically unlocks the account. You can manually unlock the account. Change the IP address list bound to the user by modifying the attributes of the user account.
Locked status
Bound IP address
3-4
Issue 02 (2007-10-15)
Right Account expiring time
Description Setting the expiring time of an account, you can enable the account to be invalid after the account exceeds the expiring time.
Operation Set the account to be valid forever when you set up a long-term account. Set expiring days of an account when you set up a temporary account. For maintenance, you can set some accounts to be suspended. Set the password to be valid forever. The user can use the current password. Set the password not to valid forever and set the expiring time of the password to enable the user to modify the password in the certain period of time.
Suspend account Password expiring time
Set the account to be suspended. Setting the expiry of the password, you can enable a user to modify the password in a certain period of time.
3.2 Creating User Flow Chart

The complete flow chart of creating a user contains the operations of creating an operation set, a user group and a user. In the real operation, the system pre-sets many operation sets and user groups. So the administrator only needs to perform the operations described in section 3.5 "Creating a User," if it is not necessary to set a special operation set and user group. Figure 3-1 shows the complete flow chart of creating a user.
Issue 02 (2007-10-15)
3-5
Figure 3-1 Complete flow chart of creating a user

Start
Create operation set
Create a user group
Create a user
End
3.3 Creating an Operation Set

Description
Crating an operation set. In the NMS, a user can define operation sets according to actual management needs. Thus, the user can divide the operation granularity according to different application needs.
Precaution
The user has the right to create an operation set.
Procedure
Step 1 In the NMS, choose System > Security Management. Then the security management interface is displayed. Step 2 On the Security Object navigation tree on the left, choose the Operation Sets node. Right click and choose New Operation Set. Step 3 The New Operation Set dialog box is displayed, as shown in Figure 3-2. Step 4 Configure the parameters Name, Description, Type and Subtype of the operation set. For the description of parameters, see Table 3-2.
3-6
Issue 02 (2007-10-15)
Figure 3-2 New operation set
Table 3-2 Parameter description in the new operation set dialog box Parameter Name Description It refers to the name of an operation set. It is a mandatory item. It cannot be null or be the same with that of an existing operation set. Description Type You can enter other descriptions here. It refers to the security type in the NMS. It must be a string with 0 to 64 characters. It is Fixed Network Device Management by default. It is selected from the drop-down list. Subtype It refers to the subtypes of each security type. It is 3rd-Party Device by default. It is selected from the drop-down list. Setting It must be a string with 1 to 64 characters.
Step 5 Click OK and return to the security management interface. Step 6 On the navigation tree on the left, click the new-created operation set. Select the Operations tab in the working area on the right. Step 7 Click Add. The Add Operation dialog box is displayed, as shown in Figure 3-3. Select the operations contained in the operation set. Click Add to add the operations in the selected box.
Issue 02 (2007-10-15)
3-7
Figure 3-3 Adding operations
Step 8 Click OK and return to the security management interface. Complete the creation of the operation set. ----End
3.4 Creating a User Group

Description
Create a new user group. In the NMS, a user can define a user group according to actual application needs and allocate different rights to the user group. Thus, the rights can be fractionalized.
Precaution
The user has the right to create a user group.
Procedure
Step 1 In the NMS, choose System > Security Management. Then the security management interface is displayed. Step 2 On the Security Object navigation tree on the left, choose the User Groups node. Right click and choose the New User Group menu.
3-8
Issue 02 (2007-10-15)
Step 3 The Create New User Group dialog box is displayed, as shown in Figure 3-4. Configure the Name and Description of the user group. Select the value in Limit maximum number of sessions. If Yes is selected, you need to configure the Maximum number of sessions. . The Set User Group Administrator If it is needed to set the group administrator, click dialog box is displayed. Select the administrator. Click OK and return to the Create New User Group dialog box. For the description of parameters, see Table 3-3. Figure 3-4 Creating a new user group
Issue 02 (2007-10-15)
3-9
Table 3-3 Parameter description in the create new user group dialog box Parameter Name Description It refers to the name of a user group. It is mandatory. It cannot be null or be the same with that of an existing user group. Description Limit maximum number of sessions Maximum number of sessions Group Manager You can enter other descriptions here. It refers to whether the user group is limited by the maximum number of session. It must be a string with 0 to 48 characters. You can select Yes or No. By default, it is No. Setting It must be a string with 1 to 20 characters.
It refers to the maximum number of sessions of the user group. When the Limit maximum number of sessions is Yes, you can configure this parameter. The administrator can add users, allocate the domain and operate the rights.
By default, it is 5. Value range: 05.
By the button , select a group administrator.
Step 4 Click OK and return to the security management interface. Step 5 This step is optional. By this step, you can add the created user to the user group. 1. 2. 3. 4. On the navigation tree on the left, click the new-created user group. Select the Members tab in the working area on the right. Click Add. The Add Operation dialog box is displayed, as shown in Figure 3-5. Select the user to be added to the group. Click Add. Click OK and return to the security management interface.
3-10
Issue 02 (2007-10-15)
Figure 3-5 Adding users
Step 6 On the navigation tree on the left, click the new-created user group. Select the Managed Domain tab in the working area on the right. Step 7 Expand the Submap and the Resource Group, and then corresponding sub-items. Selecting the check box before the device in the AS domain, you can configure the management domain of the device for the user group, as shown in Figure 3-6. Click Apply.
Issue 02 (2007-10-15)
3-11
Figure 3-6 Setting the managed domain of the user group
Step 8 On the navigation tree on the left, click the new-created user group. Select the Operation Rights tab in the working area on the right. 1. 2. 3. Click Add. The Add Right dialog box is displayed, as shown in Figure 3-7. Choose Type, Subtype, Operation Object and Operation. Click Add. Click OK and return to the security management interface.
3-12
Issue 02 (2007-10-15)
Figure 3-7 Adding rights
Step 9 In the navigation tree on the left, click the new user group, and then select the Current Session tab. The user information of the user group is displayed. ----End
3.5 Creating a User

3.5.1 Adding a User
Description
Create a new user.
Precaution
The user has the right to create a new user.
Procedure
Step 1 In the NMS, choose System > Security Management. Then the security management interface is displayed. Step 2 On the Security Object navigation tree on the left, choose the Users node. Right click and choose New User.
Issue 02 (2007-10-15)
3-13
Step 3 The New User dialog box is displayed, as shown in Figure 3-8. For the description of parameters, see Table 3-4. Figure 3-8 New users
Table 3-4 Parameter description of adding new users Parameters Name Description The length of the character string is from 6 to 20. The parameter cannot be null or cannot be the same with that of an existing user group. It is a string with characters less than 80. It shows the full name of the user. This parameter can be null. It is a string with characters less than 245. It is the information that the maintenance personnel needs to describe. This parameter can be null. It is the password of the new-created user and is not null. The length of the character string is from 8 to 16. It must contain a figure and a letter, but not an entire user name or an entire word. It cannot be the incremental, descending, or interval sequence of figures and letters.
Full name Description
Password
3-14
Issue 02 (2007-10-15)
Parameters Confirm password Suspend account Account always valid Account validity(days)
Description Confirm the password. This parameter must be the same with the password. It can be Yes or No. By default, it is No. It can be Yes or No. By default, it is No. If you choose No in the Account validity check box, you can enter the validity days in the box. You can also use the default value 180. It can be Yes or No. By default, it is No. If you select Yes in the Password validity check box, no limit is on the days. If you choose No in the Password validity check box, you can input the validity days in the box. It is 90 days by default. Limit the time when the user logs in to the system. It is any time by default. Click ... on the right to enter the time. Add the time when the Login time dialog box appears. If the user does not log in to the system in the specified period of login, the account of the user is locked. Specifies the maximum days of the interval of user login. When Lock account on no login is Yes, it is 30 days by default. If choosing Must modify password, the user must modify the login password when logging in to the system first time. If you choose Max. online users are restricted, the amount of the online users is limited by the Max. online users. It specifies the amount of the users who is online at the same time. When you choose Yes in the Max. online users are restricted, the amount is valid. The value range is from 1 to 255. It is 30 by default. When the user logs in, the system automatically judges whether the amount of the users reaches the maximum value according to the DMS license. If the amount of users reaches the maximum value, the user fails to log in. It specifies the user groups managed by the user. Choose the user group by clicking .
Password always valid Password validity (days)
Login duration
Lock account on no login No login period(days) Must modify password Max. online users are restricted Max. online users
Managed User Groups
Step 4 Select the Advanced tab. Configure the advanced information of the user, as shown in Figure 3-9. The rights are granted to the user in the advanced information. There are two modes of granting rights, "belong to" and "copy the user rights ". Belong to Select the user group, to which the new user belongs. After the new user is granted to the user group, the user has the management and operation rights of the user group.
Issue 02 (2007-10-15)
3-15
Copy the user rights Copy the user rights to the new user. And then the new user has the management and operation rights of the user whose rights are copied to the new user. Figure 3-9 Advanced information of the users
Step 5 Click OK. ----End
3.5.2 Adding Users to a User Group

Description
Add users to the user group.
Precaution
If you do not allocate the user to the user group, you can directly grant the managed domain and operation rights to the user. After a user is added to the user group, the user has the managed domain and operation rights of the user group.
3-16
Issue 02 (2007-10-15)
If you grant the user group, managed domain and operation rights to the user, the user has the rights of the user group, managed domain and operations.
Procedure
Step 1 On the navigation tree on the left, click the new-created user. Select the Groups tab in the working area on the right. Step 2 Click Add. The Add User Group dialog box is displayed, as shown in Figure 3-10. Step 3 Select the user group that the user belongs to. Click Add. Step 4 Click OK. Complete the operations on the user group that the user belongs to. Figure 3-10 Adding user groups
----End
3.5.3 Setting User ACL Rights

Description
Configure the clients that can log in to the DMS server.
Precaution
If you do not select the Enable user ACL check box, you can log in from any client in the ACL.
Issue 02 (2007-10-15)
3-17
If you select the Enable user ACL check box, you can log in only from the selected client.
Procedure
Step 1 On the navigation tree on the left, click the new-created user group. Select the ACL Setting tab in the working area on the right. Step 2 Click Set ACL. The Set ACL dialog box is displayed. Step 3 Click Add. The Add dialog box is displayed, as shown in Figure 3-11. Step 4 Enter the IP address of the user or the network segment that the user belongs to. Click OK.
The IP address of the network segment is shown in the form of IP network segment address/mask, such as 10.71.60.0/24. That is, the legal user can log in to the server from the client whose IP address ranges from 10.71.60.1 to 10.71.60.254.
Figure 3-11 Adding an ACL
Step 5 Return to the Set ACL dialog box. Click Close. Step 6 In the ACL Setting tab, select the Enable user ACL check box. Select the Access Allowed check box. Set that the user can only access from the selected IP address or network segment. Step 7 Click Apply. ----End
3-18
Issue 02 (2007-10-15)
3.5.4 Granting the Managed Domain to a User

Description
Grant the managed domain to a user. The managed domain of the user can be adjusted based on the rights of the user group. If the user belongs to the default maintenance group, the user has the managed domain of all devices in the submap that can be managed by the user group. If the user does not belong to the default maintenance group, you can adjust and then clarify the resource that can be managed by the user.
Precaution
During the procedure of granting the managed domain to the user, the granted rights cannot exceed the managed domain of the current user.
Procedure
Step 1 Choose System > Security Management. Step 2 On the Users node of the Security Object navigation tree, click the user to be configured. Step 3 Select the Managed Domain tab in the information area displayed on the right of the window. Step 4 Choose the devices that can be managed by the user, as shown in Figure 3-12.
Issue 02 (2007-10-15)
3-19
Figure 3-12 Granting the managed domain to a user
Step 5 Click Apply to grant the managed domain to the user. ----End
3.5.5 Granting Operation Rights to a User

Description
Grant operation rights to a user.
Procedure
Step 1 Choose System > Security Management. Step 2 On the Users node of the Security Object navigation tree, click the user to whom the operation rights are granted. Step 3 Choose the Operation Rights tab in the information area displayed on the right of the window. Step 4 Click Add. Step 5 In the opened Add Right dialog box, select Type and Subtype. Select the operation name. Click Add. Add the name to the operation domain box, as shown in Figure 3-13.
3-20
Issue 02 (2007-10-15)
Figure 3-13 Granting operation rights to a user
Step 6 Click OK to add specified operation rights to the user. ----End
3.6 Forcing a User to Exit

Description
Force the user who logs in to the DMS to exit.
Precaution
Only the user, who has the right of forcing other users to exit, can perform the operation. The admin user can force other users to exit and other users cannot force the admin user to exit.
Procedure
Step 1 Choose System > Security Management. Step 2 On the Security Object navigation tree, choose the Users node. Step 3 Right click the page. In the short-cut menu that is displayed, choose Login User Information. The information of the user who logs in is displayed in the window on the right.
Issue 02 (2007-10-15)
3-21
Step 4 Choose the user who is going to exit forcibly. Right click the page. Choose Force to Exit in the short-cut menu that is displayed. Step 5 In the confirmation dialog box, which is displayed, click OK. ----End
3.7 Sending a Message to Selected Client

Description
Send a message to the specified client or all other clients to enable the users who are in different places to exchange the maintenance information in real time.
Procedure
Step 1 Choose System > Security Management. Step 2 On the Security Object navigation tree, choose the Users node. Step 3 Right click the page. In the short-cut menu that is displayed, choose Login User Information. The information of the user who logs in is displayed in the window on the right. Step 4 Perform the following the two operations: Select the user who receives the message. Right click the page. Choose Send Message to Selected Client, you can send a message to the selected client. In the current user, right click to choose Send Message to All Other Clients. You can send the same message to all other clients. Step 5 In the Send Message to Selected Client or Send Message to All Other Clients dialog box that appears, enter the contents of the message. Click Send. ----End
3.8 Configuration Example for Authority and Domain Based Management

3.8.1 Application Scenario
Corporate users can manage specified Core Router (CR) and Border Router (BR) devices. State or provincial users can do the following: Manage all Access Router (AR) devices inside the state or province Monitor directly-associated BR devices State or provincial users cannot manage CR devices.
3-22
Issue 02 (2007-10-15)
3.8.2 Configuration Roadmap

Figure 3-14 Network planning diagram
User Group-1 and User Group-2 are user groups for a state or province.
Classifying Submap
Classify submaps according to states or provinces, and a state or province corresponds to a submap. A submap contains only AR devices inside the state or province. BR and CR devices locate in the physical view and are not classified, as shown in Figure 3-14.
Classifying User Groups

Core monitor group Manages and monitors specified CR and BR devices, but cannot perform configuration operations. State or provincial user group Manages AR devices in the state or province only, and has operation authorities. Configuration operations to AR devices in the state or province are allowed.
Classifying User Authorities

Create a state or provincial user for each state or province. The user features the following: Belongs to the state or provincial user group and core monitor group. Manages all AR devices in the state or province. Monitors directly-associated BR devices. Figure 3-15 shows the management range of the state or provincial user.
Issue 02 (2007-10-15)
3-23
Figure 3-15 Management range of the state or provincial user
3.8.3 Configuration Guide

Here takes configuring the User-1 user as an example. The configuration of the User-2 user is the same. Figure 3-16 shows the operation flowchart. Figure 3-16 Operation flowchart
Start
Create an operation set
Create the core monitor group
Create the user group-1
Create the user-1
End
3-24
Issue 02 (2007-10-15)
Creating an Operation Set

In the system, there are many types of preset operation sets for operators, watchers, and maintainers. A user can also customize an operation set. For details, see section 3.3 "Creating an Operation Set."
Creating the Core Monitor Group

Step 1 Create the Core Monitor Group. 1. 2. In Security Object navigation tree on the left, select the User Groups node. Right-click it, and select New User Group. The Create New User Group dialog box is displayed. Enter Core Monitor Group as the user group name, and enter description information. 3. Click OK.
Step 2 Set Managed Domain for Core Monitor Group. 1. 2. In navigation tree on the left, click Core Monitor Group, and select the Managed Domain tab in the working area on the right. Expand Submap > Physical Map, select Physical Map, but do not select User Group-1(AR) and User Group-2(AR), as shown in Figure 3-17. The Core Monitor Group can monitor all BR and CR devices. Figure 3-17 Setting managed domain for the core monitor group
3.
Click Apply.
----End
Creating the User Group-1

Step 1 Create the User Group-1. 1. 2. In Security Object navigation tree on the left, select the User Groups node. Right-click it, and select New User Group. The Create New User Group dialog box is displayed. Enter User Group-1 as the user group name, and enter description information. 3. Click OK.
Issue 02 (2007-10-15)
3-25
Step 2 Set Managed Domain for User Group-1. 1. 2. In navigation tree on the left, click User Group-1, and select the Managed Domain tab in the working area on the right. Expand Submap > Physical Map, select User Group-1(AR), as shown in Figure 3-18.
Figure 3-18 Setting the managed domain for the user of User-1
3.
Click Apply.
Step 3 Set Operation Rights for User Group-1. 1. 2. 3. Select the Operation Rights tab in the working area on the right. Click Add. The Add Right dialog box is displayed. Select Network Management Application for Type, select values for Subtype in turn, and add related operator operation sets to the operation authority list. Select Fixed Network Device Management for Type, select values for Subtype in turn, and add related operator operation sets to operation authority list, as shown in Figure 3-19.
3-26
Issue 02 (2007-10-15)
Figure 3-19 Setting operation authorities for User Group-1
4.
Click OK.
----End
Creating the User-1

Step 1 Create a user for User Group-1 1. 2. In Security Object navigation tree on the left, select the Users node. Right-click it, and select New User. Set general information, as shown in Figure 3-20.
Issue 02 (2007-10-15)
3-27
Figure 3-20 Creating a user
3.
Click OK.
Step 2 Set the user group that the User-1 belongs to. 1. 2. Click User-1, and select the Groups tab in the working area on the right. Click Add. The Add User Group dialog box is displayed. 3. 4. Select User Group-1 and Core Monitor Group, and click Add. Click OK.
Step 3 Set the ACL authority for the user. Select the ACL Setting tab in the working area on the right, and set ACL for Area-1 User. For details, see 3.5.3 "Setting User ACL Rights." Step 4 Set the managed domain for User-1. 1. 2. Select the Managed Domain tab, and expand Submap > Physical Map. Select all devices in User Group-1 and all directly-associated BR devices, and click Apply.
Step 5 Set operation rights for User-1. 1. Select the Operation Rights tab in the working area on the right. Click Add.
3-28
Issue 02 (2007-10-15)
The Add Right dialog box is displayed. 2. 3. 4. Select Fixed Network Device Management for Type, select NE40E for Subtype, and then select NE40E-1(BR) in the Operation Object area. Select NE40E Monitor Operation Set, and click Add. Click OK.
----End
3.8.4 Verifying the Configuration Example

Step 1 Log in to the NMS client as the User-1. Figure 3-21 show the topology view. Figure 3-21 Topology view for the User-1
Step 2 Verify the operation authorities of the User-1 to AR and BR devices. The User-1 has operations authorities to all devices in the state or province, but can only monitor directly-associated BR device NE40E-1. ----End
Issue 02 (2007-10-15)
3-29

01-03 DMS User Management

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

01-03 DMS User Management

Uploaded by

Copyright:

Available Formats

iManager N2000 DMS Datacomm Network Management System Administrator Guide

Huawei Technologies Proprietary

iManager N2000 DMS Datacomm Network Management System Administrator Guide

Huawei Technologies Proprietary

iManager N2000 DMS Datacomm Network Management System Administrator Guide

Huawei Technologies Proprietary

iManager N2000 DMS Datacomm Network Management System Administrator Guide

3 DMS User Management

DMS User Management

Huawei Technologies Proprietary

3 DMS User Management

iManager N2000 DMS Datacomm Network Management System Administrator Guide

3.1 Basic Concepts

Other DMS users

3.1.2 User Group

Huawei Technologies Proprietary

iManager N2000 DMS Datacomm Network Management System Administrator Guide

3 DMS User Management

3.1.3 Operation Set

3.1.5 Managed Domain

3.1.6 Operation Rights

Huawei Technologies Proprietary

3 DMS User Management

iManager N2000 DMS Datacomm Network Management System Administrator Guide

3.1.7 Authority and Domain Based Management

3.1.8 User Right Allocation Policy

Huawei Technologies Proprietary

iManager N2000 DMS Datacomm Network Management System Administrator Guide

3 DMS User Management

Right Account expiring time

Suspend account Password expiring time

3.2 Creating User Flow Chart

Huawei Technologies Proprietary

3 DMS User Management

iManager N2000 DMS Datacomm Network Management System Administrator Guide

Figure 3-1 Complete flow chart of creating a user

Create operation set

Create a user group

3.3 Creating an Operation Set

Huawei Technologies Proprietary

iManager N2000 DMS Datacomm Network Management System Administrator Guide

3 DMS User Management

Figure 3-2 New operation set

Huawei Technologies Proprietary

3 DMS User Management

iManager N2000 DMS Datacomm Network Management System Administrator Guide

Figure 3-3 Adding operations

3.4 Creating a User Group

Huawei Technologies Proprietary

iManager N2000 DMS Datacomm Network Management System Administrator Guide

3 DMS User Management

Huawei Technologies Proprietary

3 DMS User Management

iManager N2000 DMS Datacomm Network Management System Administrator Guide

By default, it is 5. Value range: 05.

By the button , select a group administrator.

Huawei Technologies Proprietary

iManager N2000 DMS Datacomm Network Management System Administrator Guide

3 DMS User Management

Figure 3-5 Adding users

Huawei Technologies Proprietary

3 DMS User Management

iManager N2000 DMS Datacomm Network Management System Administrator Guide

Figure 3-6 Setting the managed domain of the user group