OAN000205 User Right Management ISSUE1.0

7/30/2019 OAN000205 User Right Management ISSUE1.0

1/39

ISSUE

Fixed Network Curriculum

Development Section

OAN000205 User RightManagement

1.0


2/39

Confidential Information of Huawei.No Spreading without Permission. Security Level: Internal

2

References

N2000 User Manual (V2.10)


3/39


3

Objectives

Master how to create a user and

set authority for the user

Upon completion of this course, you will be able to:


4/39


4

Course Contents

Chapter 1 Basic Concepts

Chapter 2 User Management

Chapter 3 User Group management

Chapter 4 Operation Set Management

Chapter 5 Other Functions


5/39


5

Main Window for User Right Management


6/39


6

Functions of User Right Management

User Right Management is to manage the security of the system.

It decides who can log in to the system, what operations the login

users can perform, and which devices and boards the login users

can manage.

User right consists of:

ACL (Access Control List) right: It decides the client from which a

user can log in to the system.

Operation right: It decides the operations that can be performed by

the login user.

Management right: It decides the devices and boards that can be

managed by the login user.


7/39


7

User admin

After the system is initially installed, there is only one user

"admin" by default. And the initial system ACL is empty. The user

can only log in as "admin" from the server.

"admin" is a super user who has all operation and management

rights. Like other users, "admin" can be configured to log in from

a specified client. The difference is that admin has all the rights.

Other user accounts are directly or indirectly created by "admin".

In the NMS, only one user can log in as "admin" at the same time.

For other user accounts, multiple users can log in as the sameaccount at the same time. "admin" can force any other users to

exit.


8/39


8

User Group

User group is a group of NMS users that have the same

management and operation rights. User group management can

simplify right assignment. When the system is installed, three

default user groups are already assigned with the corresponding

rights. The default user groups cannot be deleted.

Maintainer Group: Perform daily maintenance operations.

Operator Group: Perform ordinary query and setting operations.

Watcher Group: Perform query operations only.

A user can be added to many user groups and has a collection ofrights of all these user groups.


9/39


9

ACL Management

ACL management are conducted at two layers.

At the first layer, the system ACL specifies the range of IP

addresses of the system clients. The users can log into the

system from the clients within this range only.

At the second layer, the user ACL specifies the users that canlog into the system from the clients specified in the system ACL.


10/39


10

Operation Set

Operation set is a group of operations. Operation set

management makes right assignment an easier task.

Default operation sets are already assigned to those default user

groups. Default operation sets can be used in right assignment

and assigned to newly created user groups or users.


11/39


11

Management Right

Management Right: Whether or not the user has the right to

manage the specified device and board.

In the topological view, the devices which the user has no right to

manage will not be shown to the user, and on the device panel,

the boards which the user has no right to manage will not be

shown to the user either.

When a user is created, he is not authorized to manage

any resource by default. The user can't assign management

right to the super user or himself. If a user is not authorized adevice, it is impossible to assign the operation right of the device

to him.


12/39


12

Course Contents







13/39


13

User Management

The functions of user management are as follows:

Create User

Set User ACL Right

Assign User Operation Right

Assign User Management Right


14/39


14

Create User

Create new user of the NMS.


15/39


15

Set System ACL

Set system ACL data, including adding/modifying/deleting ACL.


16/39


16

Set User ACL Right

Specify clients from which the users are authorized to log in.

"Constrained by ACL" is to set whether or not the user is

constrained by ACL. If the check box is cleared, it means that the

user is allowed to log in to the system from any client in the ACL,

otherwise, the user can only log in to the system from the

selected clients in the ACL.


17/39


17


Authorize or prohibit the user to conduct or from conducting the

specified operations.


18/39


18

Add Operation Right

New Device" right: The user has the same operation right for the

new created device.


19/39


19

Assign User Management Right

Authorize or prohibit the users to manage or from managing the

specified device and board.


20/39


20

Set Management Scope

Search the matching devices and set management status of the

device.


21/39


21

Course Contents







22/39


22

User Group Management

The functions of user group management are as follows:

Create User Group

Assign User Group Operation Right

Assign User Group Management Right

Add User Group Member


23/39


23

Create User Group

Create new user group of the NMS.


24/39


24

Assign User Group Operation Right

Authorize or prohibit the user groups to conduct or from

conducting the specified operations.


25/39


25

Assign User Group Management Right

Authorize or prohibit the user groups to manage or from

managing the specified device and board.


26/39


26

Add User Group Member

Add the specified user to the user group, which makes the user

has the same management and operation right as the user group.


27/39


27

Add User to User Group

1

2

3

4

5

6


28/39


28

Course Contents







29/39


29

Operation Set Management

The functions of operation set management are as follows:

Create Operation Set

Configure Operation Set Member



30/39


30

Create Operation Set

Create operation set according to the object type.


31/39


31

Configure Operation Set Member

Add or delete operation members in the operation set.


32/39


32


Authorize or prohibit the user to conduct or from conducting the

specified operations.

1

2

3

4

5

6

7


33/39


33

Check Operation Set Assignment


34/39


34

Course Contents







35/39


35

Browse User Operation Log


36/39


36

Realtime Monitoring User Operation Log

View operations conducted by the login users.


37/39


37

Dump User Operation Log


38/39


38

Modify User Attributes


39/39

C fid ti l I f ti f H i

39

Documents

OAN000205 User Right Management ISSUE1.0