Upload
tonzkosgei
View
218
Download
0
Embed Size (px)
Citation preview
7/25/2019 01-03 Managing the Authority of the GGSN9811
1/18
3Managing the Authority of the GGSN9811About This Chapter
The GGSN9811 offers a wide rage of operation and maintenance commands. The commands
are categorized into different command groups in terms of functions and influence on the device,
which facilitates the management. Meanwhile, the users are divided into groups with different
authorities. The command groups are specific to different users. This is to facilitate the operation
and management and improve the system security.
3.1 Basic Concepts
This part describes the basic concepts of the office, user type, user name, and password regarding
the authority management.
3.2 ManagingOperators of the GGSN9811
The operator's account can be managed only by the admin user, administrator, and custom user
with relevant authority.
3.3 ManagingCommand Groups
The command groups can be managed only by the admin user, administrator, and custom user
with relevant authority.
3.4 Managing User Passwords
This part describes how to manage the passwords by setting and querying the password policy
or modifying the password.
HUAWEI GGSN9811 Gateway GPRS Support Node
Operation Guide 3 Managing the Authority of the GGSN9811
Issue 03 (2008-04-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd
3-1
7/25/2019 01-03 Managing the Authority of the GGSN9811
2/18
3.1 Basic ConceptsThis part describes the basic concepts of the office, user type, user name, and password regarding
the authority management.
3.1.1 User Types
The local maintenance terminal (LMT) allows only two types of users to log in to the network
element (NE), that is, domain users and local users.
3.1.2 Operator Authority
The operator authority contains five levels, that is, guest, user, operator, administrator, and
custom user.
3.1.3 User Names and Passwords
This part describes the restrictions to the user name and password, as well as the default operator.
3.1.4 Operation Time Limit
The admin user, administrator, and custom user with related authority can enable that the
operator can operate the local maintenance terminal (LMT) only within a certain period. This
period is called time limit.
3.1.5 Command Groups
A command group is a set of commands. The commands are categorized into command groups,
and then the command groups are assigned to users with different authorities. In this case, the
authority of the operator can be managed. One command can belong to different command
groups.
3.1.1 User Types
The local maintenance terminal (LMT) allows only two types of users to log in to the network
element (NE), that is, domain users and local users.
The local users are managed by the NE; however, the domain users are managed by network
management system (NMS) and can log in to the NE. Table 3-1lists the difference.
Table 3-1Difference between the domain user and the local user
Operation Target Domain User Local User
Information such as user login and
authentication
Saved in the M2000. Saved in the NE.
Adding, modifying, deleting, or
querying the user
Realized on the
M2000.
Realized on the NE.
Procedure for user login and password
modification
The request is sent to
the M2000. After
receiving the request,
the M2000 sends
back the
authentication result
(success or failure) to
the NE.
Realized on the NE.
3 Managing the Authority of the GGSN9811
HUAWEI GGSN9811 Gateway GPRS Support Node
Operation Guide
3-2 Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd
Issue 03 (2008-04-10)
7/25/2019 01-03 Managing the Authority of the GGSN9811
3/18
3.1.2 Operator Authority
The operator authority contains five levels, that is, guest, user, operator, administrator, and
custom user.
Table 3-2Operator authority levels
AuthorityLevel
Data Query SystemMaintenance
DataConfiguration
Administration
Guest
User
Operator
Administrat
or
Custom When a user name is added, the authority for adding any combination of
command groups is available.
The commands for the guest, user, operator, and administrator are predefined in the system and
cannot be modified. The symbol indicates the available authority. The data query command,
system maintenance command, data configuration command, and operator management
command correspond to the authorities mentioned in the preceding table.
The authority of the custom user is defined by determining the command groups that can be used
by the custom user. The name of the command group and the commands in the command group
can be set based on the actual needs. Thus, the authority of the operator can be set in a flexible
way.
The custom user can add the authorities such as management, data query, system maintenance,
and data configuration.
3.1.3 User Names and Passwords
This part describes the restrictions to the user name and password, as well as the default operator.
The user name can contain up to 32 characters made up of letters and digits. The user name is
not case sensitive and must start with a letter.
The password is composed of 6 to 32 characters containing only alphabets, digits, and special
characters. The password is case sensitive.
HUAWEI GGSN9811 Gateway GPRS Support Node
Operation Guide 3 Managing the Authority of the GGSN9811
Issue 03 (2008-04-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd
3-3
7/25/2019 01-03 Managing the Authority of the GGSN9811
4/18
NOTE
The special characters include: ~, !, @, #, $, %, ^, &, *, (, ),_, +, -, {, }, |, [, ], \, :, , ?, ., /, and space.
The following characters are prohibited: ,, ;, =, ", and '.
The following combinations are prohibited:
l Two or more %
l Two or more space
l Start identifiers of MML packets +++
l End identifiers of MML packets ---
By default, the user name is adminand the initial password is admin. The admin user enjoys
the highest authority and can run all the commands. The admin user can add the other users and
cannot be deleted. The password of the admin user can be changed only by this user.
NOTE
l All the operators can modify their own passwords.
l The admin user can modify the passwords of all users.
l The administrator and the custom user with related authority can change the passwords of the users
except the admin user.
3.1.4 Operation Time Limit
The admin user, administrator, and custom user with related authority can enable that the
operator can operate the local maintenance terminal (LMT) only within a certain period. This
period is called time limit.
The operation period is determined by the date, week, and time.
Table 3-3lists the examples of the operation time limit.
Table 3-3Examples of the operation time limit
Index Date Week Time Period
Exampl
e 1
2006-08-01 to
2007-08-01
Monday to
Friday
8:00:00 to
18:00:00
From 8:00:00 to 18:00:00;
Monday to Friday;
2006-08-01 to 2007-08-01
Exampl
e 2
Saturday and
Sunday
Saturday and Sunday
Exampl
e 3
No time limit
3.1.5 Command Groups
A command group is a set of commands. The commands are categorized into command groups,
and then the command groups are assigned to users with different authorities. In this case, the
authority of the operator can be managed. One command can belong to different command
groups.
The system defines 32 command groups. Here:
3 Managing the Authority of the GGSN9811
HUAWEI GGSN9811 Gateway GPRS Support Node
Operation Guide
3-4 Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd
Issue 03 (2008-04-10)
7/25/2019 01-03 Managing the Authority of the GGSN9811
5/18
l G_0 to G_10: default command groups. The command in the command group cannot be
added or deleted.
l G_11 to G_31: customized command groups
Table 3-4lists the command groups.
Table 3-4Description of command groups
Command Group Authority Description
G_0 Guest group Predefined MML
command groups.
The commands in the
group cannot be
modified; however,
they can be queried.
G_1 Alarm management
G_2 Performance query
G_3 Performance management
G_4 Trace query
G_5 Trace management
G_6 Configuration query
G_7 Configuration management
G_8 Device query
G_9 System group
G_10 Alarm query
G_11 to G_31 User-difined command groups The commands in
these groups can be
queried and
modified.
3.2 Managing Operators of the GGSN9811
The operator's account can be managed only by the admin user, administrator, and custom user
with relevant authority.
3.2.1 Adding the Account of an Operator
This part describes how to add the account of an operator and how to set the password, definition,
command groups (only for custom user), and operation time limit.
3.2.2 Querying the Information of an Operator
This part describes how to query the information of a specified operator or all operators.
3.2.3 Modifying the Information of an Operator
This part describes how to modify the information of an operator, including the description,
password, definition, authority, and operation time limit. All the information rather than the
password takes effect after being modified.
3.2.4 Deleting the Account of an Operator
HUAWEI GGSN9811 Gateway GPRS Support Node
Operation Guide 3 Managing the Authority of the GGSN9811
Issue 03 (2008-04-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd
3-5
7/25/2019 01-03 Managing the Authority of the GGSN9811
6/18
This part describes how to delete the account of an operator. The admin account cannot be
deleted.
3.2.5 Disconnecting the LMT Client
This part describes how to disconnect the local maintenance terminal (LMT) client. The LMT
client refers to the LMT programs, including the operation & maintenance system, trace viewer,alarm system.
3.2.6 Setting the Locking/Unlocking Function
This part describes how to lock and unlock the local accounts excluding the admin account.
3.2.7 Querying Locking/Unlocking Status
This part describes how to query the status of local non-default accounts.
3.2.8 Unlocking User Accounts Manually
This part describes how to manually unlock the local user accounts.
3.2.1 Adding the Account of an OperatorThis part describes how to add the account of an operator and how to set the password, definition,
command groups (only for custom user), and operation time limit.
Prerequisite
l The local maintenance terminal (LMT) is started.
l The user logs in to the GGSN9811 as an operator with the operation authority.
Context
This operation is valid only for local users.
NOTE
The operator's account can be added only by the admin, administrator, and custom operator with relevant
authority.
You can add the user name of an operator in the following ways.
Procedure
l Through the menu
1. Choose Authority > Account> Add...on the LMT. The Operator Management
dialog box is displayed. Refer to Figure 3-1.
3 Managing the Authority of the GGSN9811
HUAWEI GGSN9811 Gateway GPRS Support Node
Operation Guide
3-6 Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd
Issue 03 (2008-04-10)
7/25/2019 01-03 Managing the Authority of the GGSN9811
7/18
Figure 3-1Operator Managementdialog box
2. Enter the user name and password and set the definition in the dialog box. If
Customis selected, specify the command groups to set Authority Limit.3. Set the operation time limit according to the actual needs.
4. Click OK. If the adding succeeds, a Confirmprompt is displayed, asking you whether
to add more?
5. Click Yesto add the account of the operator. Click Noto cancel the addition.
l Through the MML command
1. Run ADD OPto add the account of the operator.
WARNING
The account to be added must be different from the existing ones.
----End
3.2.2 Querying the Information of an Operator
This part describes how to query the information of a specified operator or all operators.
Prerequisite
l The local maintenance terminal (LMT) is started.
HUAWEI GGSN9811 Gateway GPRS Support Node
Operation Guide 3 Managing the Authority of the GGSN9811
Issue 03 (2008-04-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd
3-7
7/25/2019 01-03 Managing the Authority of the GGSN9811
8/18
l The user logs in to the GGSN9811 as an operator with the operation authority.
Context
This operation is valid only for local users.l If the account of the operator is not specified, the system displays the names and status
information of all operators. In addition, the currently used IP addresses, service, and login
time of the online operators are also displayed.
l If the account of the operator is specified, the system displays the name, description,
password, operation time limit, status, and command groups.
Procedure
Run LST OPto list the information of the operator.
----End
3.2.3 Modifying the Information of an Operator
This part describes how to modify the information of an operator, including the description,
password, definition, authority, and operation time limit. All the information rather than the
password takes effect after being modified.
Prerequisite
l The local maintenance terminal (LMT) is started.
l The user logs in to the GGSN9811 as an operator with the operation authority.
Context
This operation is valid only for local users.
NOTE
The operator's account can be modified only by the admin user, administrator, and custom user with relevant
authority.
You can modify the information of an operator in the following ways.
Procedure
l Through the menu
1. Choose Authority > Account > Modify...on the LMT.
The Modify Operatordialog box is displayed. Refer to Figure 3-2.
3 Managing the Authority of the GGSN9811
HUAWEI GGSN9811 Gateway GPRS Support Node
Operation Guide
3-8 Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd
Issue 03 (2008-04-10)
7/25/2019 01-03 Managing the Authority of the GGSN9811
9/18
Figure 3-2Modify Operatordialog box
2. Select the account of an operator, and click Modify.
The Operator Managementdialog box is displayed. The dialog box displays the
information of the operator to be modified. Refer to Figure 3-3.
Figure 3-3Operator Managementdialog box
3. Modify the information of the operator, and then click OK. The Modification
succeeded.prompt is displayed.
HUAWEI GGSN9811 Gateway GPRS Support Node
Operation Guide 3 Managing the Authority of the GGSN9811
Issue 03 (2008-04-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd
3-9
7/25/2019 01-03 Managing the Authority of the GGSN9811
10/18
4. Click OK.
l Through the MML command
1. Run MOD OPto modify the information of the operator.
----End
3.2.4 Deleting the Account of an Operator
This part describes how to delete the account of an operator. The admin account cannot be
deleted.
Prerequisite
l The local maintenance terminal (LMT) is started.
l The user logs in to the GGSN9811 as an operator with the operation authority.
Context
This operation is valid only for local users. The admin account cannot be deleted.
NOTE
The operator's account can be deleted only by the admin user, administrator, and custom user with relevant
authority.
You can delete the account of an operator in the following ways.
Procedure
l Through the menu1. Choose Authority> Account> Delete...on the LMT. The Delete Operatordialog
box is displayed. Refer to Figure 3-4.
Figure 3-4Delete Operatordialog box
2. Select the account of an operator to be deleted, and then click Delete. TheConfirmationprompt is displayed.
3 Managing the Authority of the GGSN9811
HUAWEI GGSN9811 Gateway GPRS Support Node
Operation Guide
3-10 Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd
Issue 03 (2008-04-10)
7/25/2019 01-03 Managing the Authority of the GGSN9811
11/18
3. Click Yesto delete the account. The Delete Operatordialog box is displayed.
4. Repeat Step 2if you need to delete other accounts. Otherwise, click Close.
l Through the MML command
1. Run RMV OPto delete the account of the operator.
----End
3.2.5 Disconnecting the LMT Client
This part describes how to disconnect the local maintenance terminal (LMT) client. The LMT
client refers to the LMT programs, including the operation & maintenance system, trace viewer,
alarm system.
Prerequisite
l The LMT is started.
l The user logs in to the GGSN9811 as an operator with the operation authority.
Context
NOTE
Running this command can disconnect the specified network element (NE) from the LMT client. Thus,
run this command with caution.
Procedure
Step 1 Run DSP LNKto display the information of the current client.
Step 2 Run RMV LNKto disconnect the client.
----End
3.2.6 Setting the Locking/Unlocking Function
This part describes how to lock and unlock the local accounts excluding the admin account.
Prerequisite
l The local maintenance terminal (LMT) is started.
l The admin logs in to the GGSN9811.
Context
Lock or unlock the local non-default accounts. The administrator can lock all the local non-
default accounts, and then disable the function of managing the local users.
CAUTION
The local non-default accounts can be locked or unlocked only by the admin user.
If a non-default account is locked, the locked user cannot log in to the network element (NE)
through the LMT.
HUAWEI GGSN9811 Gateway GPRS Support Node
Operation Guide 3 Managing the Authority of the GGSN9811
Issue 03 (2008-04-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd
3-11
7/25/2019 01-03 Managing the Authority of the GGSN9811
12/18
Procedure
Run SET OPLOCKto lock or unlock the local non-default accounts.
----End
3.2.7 Querying Locking/Unlocking Status
This part describes how to query the status of local non-default accounts.
Prerequisite
l The local maintenance terminal (LMT) is started.
l The user logs in to the GGSN9811.
ContextAll users can query the status of all local accounts rather than the admin user.
Procedure
Run LST OPLOCKto query the locking or unlocking status of local non-default accounts.
----End
3.2.8 Unlocking User Accounts Manually
This part describes how to manually unlock the local user accounts.
Prerequisite
l The local maintenance terminal (LMT) is started.
l The administrator logs in to the GGSN9811.
Context
Running ULK USRcan unlock only the account of the user who enters the wrong passwords
continually. That is, some local non-default accounts cannot be unlocked by using ULK USR.
The times of entering the wrong password are cleared when you unlock the user that is not locked
by using ULK USR.
NOTE
The local accounts can be unlocked only by the administrator.
Procedure
Run ULK USRto unlock the local user accounts.
----End
3 Managing the Authority of the GGSN9811
HUAWEI GGSN9811 Gateway GPRS Support Node
Operation Guide
3-12 Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd
Issue 03 (2008-04-10)
7/25/2019 01-03 Managing the Authority of the GGSN9811
13/18
3.3 Managing Command Groups
The command groups can be managed only by the admin user, administrator, and custom user
with relevant authority.
3.3.1 Querying Information of Command Groups
The system provides 32 command groups ranging from G_0 to G_31.
3.3.2 Setting the Name of a Command Group
The names of default command groups G_0 to G_10 cannot be modified. The command groups
G_11 to G_31 are customized, and thus you can modify the names of these command groups.
3.3.3 Modifying Commands in Command Groups
The command groups G_0 to G_10 are default, and thus the commands in these command groups
cannot be added or deleted. The command groups G_11 to G_31 are customized, and thus you
can modify the commands in these command groups.
3.3.1 Querying Information of Command Groups
The system provides 32 command groups ranging from G_0 to G_31.
Prerequisite
l The local maintenance terminal (LMT) is started.
l The user logs in to the GGSN9811 as an operator with the operation authority.
Context
This operation is valid only for local users.
NOTE
The operator's account can be added only by the admin, administrator, and custom operator with relevant
authority.
Procedure
Run LST CCGto list the commands in the command group.
----End
3.3.2 Setting the Name of a Command GroupThe names of default command groups G_0 to G_10 cannot be modified. The command groups
G_11 to G_31 are customized, and thus you can modify the names of these command groups.
Prerequisite
l The local maintenance terminal (LMT) is started.
l The userlogs in to the GGSN9811 as an operator with the operation authority.
Context
This operation is valid only for local users.
HUAWEI GGSN9811 Gateway GPRS Support Node
Operation Guide 3 Managing the Authority of the GGSN9811
Issue 03 (2008-04-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd
3-13
7/25/2019 01-03 Managing the Authority of the GGSN9811
14/18
NOTE
The operator's account can be added only by the admin, administrator, and custom operator with relevant
authority.
You can set the names of the command groups in the following ways.
Procedure
l Through the menu
1. Choose Authority> Command Group> Set Command Group Name...on the
LMT. The Set Command Group Namedialog box is displayed. Refer to Figure
3-5.
Figure 3-5Set Command Group Namedialog box
2. Select a command group in Command Groupand enter a name of a command group
in Command Group Name.3. Click Set. If the operation succeeds, the Operation succeeded.prompt is
displayed.
4. Click OK. Then, the Set Command Group Namedialog box disappears.
l Through the MML command
1. Run LST CCGNto list the name of the command group.
NOTE
You can run LST CCGNto list the names of command groups G_0 to G_31 or those of
specified command groups.
2. Run SET CCGNto set the name of the command group.
----End
3.3.3 Modifying Commands in Command Groups
The command groups G_0 to G_10 are default, and thus the commands in these command groups
cannot be added or deleted. The command groups G_11 to G_31 are customized, and thus you
can modify the commands in these command groups.
Prerequisite
l The local maintenance terminal (LMT) is started.
l The user logs in to the GGSN9811 as an operator with the operation authority.
3 Managing the Authority of the GGSN9811
HUAWEI GGSN9811 Gateway GPRS Support Node
Operation Guide
3-14 Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd
Issue 03 (2008-04-10)
7/25/2019 01-03 Managing the Authority of the GGSN9811
15/18
Context
This operation is valid only for local users.
NOTE
The operator's account can be added only by the admin, administrator, and custom operator with relevant
authority.
You can modify the commands in the command groups in the following ways.
Procedure
l Through the menu
1. Choose Authority> Command Group> Modify Command Group...on the LMT.
The Modify Command Groupdialog box is displayed. Refer to Figure 3-6.
Figure 3-6Modify Command Groupdialog box
2. Select a command group among G_11 to G_31, such as G_11.
3. Select the commands to be added to the command group or deselect the commands
to be deleted in the check box. Set the name of the command group according to the
actual needs.
4. Click OK. Then, the Modify Command Groupdialog box disappears.
l Through the MML command
1. Run LST CCGto list the commands in the command group.
2. Run ADD CCGto add a command to the command group.
3. Run RMV CCGto remove a command from the command group.
----End
3.4 Managing User PasswordsThis part describes how to manage the passwords by setting and querying the password policy
or modifying the password.
3.4.1 Setting the Password Policy
HUAWEI GGSN9811 Gateway GPRS Support Node
Operation Guide 3 Managing the Authority of the GGSN9811
Issue 03 (2008-04-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd
3-15
7/25/2019 01-03 Managing the Authority of the GGSN9811
16/18
The administrator can set the minimum length of the password, password complexity, maximum
times for allowing wrong passwords, and automatic unlocking period.
3.4.2 Querying the Password Policy
This part describes how to query the password policy that the user must comply with for login.
3.4.3 Changing the Password
This part describes how to change the password. All the operators can modify their own
passwords.
3.4.1 Setting the Password Policy
The administrator can set the minimum length of the password, password complexity, maximum
times for allowing wrong passwords, and automatic unlocking period.
Prerequisite
l
The local maintenance terminal (LMT) is started.l The user logs in to the GGSN9811 as an operator with the operation authority.
Context
You can set the password policy in two ways.
Procedure
l Through the menu
1. Choose Authority > Password Policy Setting...on the LMT. The Password Policy
Settingdialog box is displayed. Refer to Figure 3-7.
Figure 3-7Password Policy Settingdialog box
2. Set the minimum length of the password. The value ranges from 6 to 32.
3. Select the characters for password complexity, including lowercase letters, uppercase
letters, digits, and special characters.
3 Managing the Authority of the GGSN9811
HUAWEI GGSN9811 Gateway GPRS Support Node
Operation Guide
3-16 Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd
Issue 03 (2008-04-10)
7/25/2019 01-03 Managing the Authority of the GGSN9811
17/18
NOTE
The special characters include the following: ~, !, @, #, $, %, ^, &, *, (, ),_, +, -, {, }, |, [, ],
\, :, , ?, ., /, and space.
The following characters are prohibited: ,, ;, =, ", and '.
The following combinations are prohibited:
l Two or more %
l Two or more Space
l Start identifiers of MML packets +++
l End identifiers of MML packets ---
4. Click OK. Then, the Password Policy Settingdialog box disappears.
l Through the MML command
1. Run SET PWDPOLICYto set the password policy for local users.
----End
3.4.2 Querying the Password Policy
This part describes how to query the password policy that the user must comply with for login.
Prerequisite
l The local maintenance terminal (LMT) is started.
l The user logs in to the GGSN9811 as an operator with the operation authority.
Context
For details on the password policy, see 3.4.1 Setting the Password Policy.
Procedure
Run LST PWDPOLICYto query the password policy.
----End
3.4.3 Changing the Password
This part describes how to change the password. All the operators can modify their own
passwords.
Prerequisite
l The local maintenance terminal (LMT) is started.
l The user logs in to the GGSN9811.
HUAWEI GGSN9811 Gateway GPRS Support Node
Operation Guide 3 Managing the Authority of the GGSN9811
Issue 03 (2008-04-10) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd
3-17
7/25/2019 01-03 Managing the Authority of the GGSN9811
18/18
Context
CAUTION
The admin user must be cautious when changing the password. The admin user cannot log in to
the LMT if the password is forgotten. The only way to log in to the LMT if the password is
forgotten is to re-install the LMT.
Procedure
Step 1 Choose Authority> Change Password...on the LMT. The Change Passworddialog box isdisplayed. Refer to Figure 3-8.
Figure 3-8Change Passworddialog box
Step 2 Enter the old password for authentication, and then enter a new password to confirm.
Step 3 Click OK. Then, the Change Passworddialog box disappears.
----End
3 Managing the Authority of the GGSN9811
HUAWEI GGSN9811 Gateway GPRS Support Node
Operation Guide
3-18 Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd
Issue 03 (2008-04-10)