7/29/2019 01-03 DMS User Management
1/32
iManager N2000 DMS Datacomm Network Management System
Administrator Guide Contents
Issue 02 (2007-10-15) Huawei Technologies Proprietary i
Contents
3 DMS User Management ...........................................................................................................3-1
3.1 Basic Concepts ..................................................................... ................................................................. ........3-2
3.1.1 User......................................................................................................................................................3-2
3.1.2 User Group...........................................................................................................................................3-2
3.1.3 Operation Set .......................................................... ....................................................................... ......3-3
3.1.4 ACL......................................................................................................................................................3-3
3.1.5 Managed Domain.................................................................................................................................3-3
3.1.6 Operation Rights ............................................................ ...................................................................... 3-3
3.1.7 Authority and Domain Based Management ......................................................................... ................3-4
3.1.8 User Right Allocation Policy ........................................................... .................................................... 3-4
3.2 Creating User Flow Chart .................................................................... ......................................................... 3-5
3.3 Creating an Operation Set .................................................................... ......................................................... 3-6
3.4 Creating a User Group...................................................................................................................................3-8
3.5 Creating a User............................................................................................................................................3-13
3.5.1 Adding a User ................................................................ .................................................................... 3-13
3.5.2 Adding Users to a User Group....................................................... .................................................... 3-16
3.5.3 Setting User ACL Rights....................................................................................................................3-17
3.5.4 Granting the Managed Domain to a User...........................................................................................3-19
3.5.5 Granting Operation Rights to a User..................................................................................................3-20
3.6 Forcing a User to Exit .................................................................. ............................................................... 3-21
3.7 Sending a Message to Selected Client.........................................................................................................3-22
3.8 Configuration Example for Authority and Domain Based Management.....................................................3-22
3.8.1 Application Scenario..........................................................................................................................3-22
3.8.2 Configuration Roadmap.....................................................................................................................3-23
3.8.3 Configuration Guide ........................................................ .................................................................. 3-24
3.8.4 Verifying the Configuration Example ..................................................................... ...........................3-29
7/29/2019 01-03 DMS User Management
2/32
Figures
iManager N2000 DMS Datacomm Network
Management System
Administrator Guide
ii Huawei Technologies Proprietary Issue 02 (2007-10-15)
Figures
Figure 3-1 Complete flow chart of creating a user .................................................................. ...........................3-6
Figure 3-2 New operation set ................................................... .......................................................................... 3-7
Figure 3-3 Adding operations.............................................................................................................................3-8
Figure 3-4 Creating a new user group .................................................... ............................................................ 3-9Figure 3-5 Adding users ............................................................... ............................................................... .....3-11
Figure 3-6 Setting the managed domain of the user group...............................................................................3-12
Figure 3-7 Adding rights ............................................................ ...................................................................... 3-13
Figure 3-8 New users ..................................................... ........................................................... .......................3-14
Figure 3-9 Advanced information of the users ..................................................................... ............................3-16
Figure 3-10 Adding user groups ..................................................................... .................................................. 3-17
Figure 3-11 Adding an ACL .................................................................. ........................................................... 3-18
Figure 3-12 Granting the managed domain to a user .................................................................. .....................3-20
Figure 3-13 Granting operation rights to a user................................................................................................3-21
Figure 3-14 Network planning diagram .................................................................. .........................................3-23
Figure 3-15 Management range of the state or provincial user ............................................................... .........3-24
Figure 3-16 Operation flowchart......................................................................................................................3-24
Figure 3-17 Setting managed domain for the core monitor group....................................................................3-25
Figure 3-18 Setting the managed domain for the user of User-1......................................................................3-26
Figure 3-19 Setting operation authorities for User Group-1.............................................................................3-27
Figure 3-20 Creating a user ............................................................ .................................................................. 3-28
Figure 3-21 Topology view for the User-1 ......................................................................... ..............................3-29
7/29/2019 01-03 DMS User Management
3/32
iManager N2000 DMS Datacomm Network Management System
Administrator Guide Tables
Issue 02 (2007-10-15) Huawei Technologies Proprietary iii
Tables
Table 3-1 Security attribute of a user..................................................................................................................3-4
Table 3-2 Parameter description in the new operation set dialog box .............................................................. ..3-7
Table 3-3 Parameter description in the create new user group dialog box ....................................................... 3-10
Table 3-4 Parameter description of adding new users ........................................................................ ..............3-14
7/29/2019 01-03 DMS User Management
4/32
iManager N2000 DMS Datacomm Network Management System
Administrator Guide 3 DMS User Management
Issue 02 (2007-10-15) Huawei Technologies Proprietary 3-1
3 DMS User ManagementAbout This Chapter
The following table shows the contents of this chapter.
Section Description
3.1 Basic Concepts This section describes related concepts of DMS user
management.
3.2 Creating User Flow Chart This section describes the operation flow chart of creatinga user.
3.3 Creating an Operation Set This section describes how to create an operation set.
3.4 Creating a User Group This section describes how to create a user group.
3.5 Creating a User This section describes how to create a user group, allocateusers to the user group, set rights of accessing the user
address, and allocate the managed domain and operationrights to the user.
3.6 Forcing a User to Exit This section describes how to force a current user to exit.
3.7 Sending a Message toSelected Client
This section describes how to send a message to theselected client.
3.8 Configuration Example forAuthority and Domain BasedManagement
This section describes how to configure example forauthority and domain based management.
7/29/2019 01-03 DMS User Management
5/32
3 DMS User Management
iManager N2000 DMS Datacomm Network Management System
Administrator Guide
3-2 Huawei Technologies Proprietary Issue 02 (2007-10-15)
3.1 Basic Concepts
3.1.1 UserDMS users are divided into three kinds: the default admin user, the default corba user, and
the other DMS users.
After you install the DMS, two default users, the admin user and corba user, are created.
The cobra user is created only after you install the northbound interface components.
admin
The admin user has the highest authority to the DMS and can manage the DMS.
When you log in to the DMS for the first time as admin, the default password is N2000. Afterclicking Login, the system forces you to change the password.
corba
The corba user is used to connect the third party software. The corba user can complete the
connection between the third party software and the DMS. The default password iscorbaagent. Change the password as soon as possible.
By default, the user has no managed domains or operation rights. Generally, the administratordoes not need to change the rights of the corba user. Modify the Access Control List (ACL)
when the third party NMS is connected to the DMS.
For details, see 3.5.3 "Setting User ACL Rights."
Other DMS users
The differences between users are described as follows:
z The admin user has all operation rights. You do not need to grant rights to the admin
user. Only the admin user can assign and modify the security operation rights, create and
modify the security user group, and create and delete the security administrator. Bydefault, a DMS server allows only one admin user to log in.
z You need to grant rights to the corba user. A DMS server allows two or more corba
users to log in at the same time.z The other DMS users are created by the admin user or the users who have the security
management rights. A DMS server allows two or more users to log inn at the same time.
3.1.2 User Group
The user group is group in the device and used to control the access of the user to thenetwork.
The DMS provides three default user groups as follows:
z Maintainer group: Performs the daily maintenance operations.
z Operator group: Performs the query and configuration operations.
7/29/2019 01-03 DMS User Management
6/32
iManager N2000 DMS Datacomm Network Management System
Administrator Guide 3 DMS User Management
Issue 02 (2007-10-15) Huawei Technologies Proprietary 3-3
z Monitor group: Performs the query operation.
If a user group has the management access to a sub-map, the user group has the management
access to all devices in the sub-map.
3.1.3 Operation SetAn operation set is a group of operations. It is a set of operations that are performed on the
DMS by the corresponding users.
z One operation set may contain multiple operations.
z One operation may belong to multiple operation sets.
The NMS predefines different operation sets to different operation types. For the system
default operation set, modifying and deleting are not allowed.
3.1.4 ACL
The Access Control List (ACL) is the security mechanism that allows users to log in to the
DMS only from a certain IP address or network segment.
Security control is achieved at two layers as follows:
z System ACL
You can only select the IP address (IP address network segment), which is used to log in to the
DMS server, from some ACL. This ACL is called the system ACL.
z User ACL
Select the IP addresses, which the user can access, to form the user ACL.
By the security control at two layers, you can effectively control the IP address, throughwhich the user can log in to the DMS server. Even if the user account and password are
embezzled at the same time, the embezzler cannot log in to the DMS server. This ensures the
security of the DMS.
3.1.5 Managed Domain
The managed domain specifies the range of devices that a user can manage, or the range ofdevices that a user group can manage.
The limit to the use of the managed domain is shown as follows:
z A new created user has no rights to manage any resources by default.
z Common users cannot assign the managed domain to the admin user or to themselves.
z The devices that a user has no management access are not displayed on the topologyview.
z If a user has no management access to a device, the user cannot obtain the operationaccess.
3.1.6 Operation Rights
Operation rights specify the operations that a user can perform.
The operation rights vary with the operation objects. If a device is not in the managed domain
of a user, the user has no rights to operate the device.
7/29/2019 01-03 DMS User Management
7/32
3 DMS User Management
iManager N2000 DMS Datacomm Network Management System
Administrator Guide
3-4 Huawei Technologies Proprietary Issue 02 (2007-10-15)
3.1.7 Authority and Domain Based Management
The NMS provides authority and domain based management, which allows different users to
manage different objects. Thus, departments from different domains and levels can manage
the network coordinately.
The authority and domain based management encompasses two parts: authority managementand domain management.
Domain Management
Domain management is to classify device nodes, services, or data into different domains, and
assign the management authorities to the domain administrator. Then, the managed objects ofthe domain administrator can be controlled.
Authority Management
Authority management is to classify authorities into different levels such as maintenanceauthority, operation authority, and monitoring authority. Through the authentication, a useraccount is valid only in a certain domains and cannot manage other domains.
3.1.8 User Right Allocation Policy
The security attributes of a user include the login time segment, locked status, and bound IP
address. For the description of attributes and related operations, see Table 3-1.
Table 3-1Security attribute of a userRight Description Operation
Login timesegment
According to the login time
segment, you can control the
time when the user logs in tothe DMS server.
When creating a user account,
configure the information of logintime segment.
Locked status When the user fails to login
within the specified attempts
(3 attempts by default), theaccount is locked. The lockeduser cannot log in to the DMS.
When the time for the locked status
exceeds the set time (30 minutes by
default), the system automaticallyunlocks the account. You canmanually unlock the account.
Bound IP address Generally, the DMS does not
limit the IP address of theclient that the user logs in to.
Once the user binds the IP
address, the IP address of theclient, which the user logs in
to, must be bound to the IPaddress list.
Change the IP address list bound to
the user by modifying the attributesof the user account.
7/29/2019 01-03 DMS User Management
8/32
iManager N2000 DMS Datacomm Network Management System
Administrator Guide 3 DMS User Management
Issue 02 (2007-10-15) Huawei Technologies Proprietary 3-5
Right Description Operation
Account expiringtime
Setting the expiring time of an
account, you can enable theaccount to be invalid after the
account exceeds the expiringtime.
Set the account to be valid forever
when you set up a long-termaccount.
Set expiring days of an account
when you set up a temporaryaccount.
Suspend account Set the account to be
suspended.
For maintenance, you can set some
accounts to be suspended.
Password expiringtime
Setting the expiry of thepassword, you can enable a
user to modify the password ina certain period of time.
Set the password to be validforever. The user can use the
current password.
Set the password not to validforever and set the expiring time of
the password to enable the user tomodify the password in the certainperiod of time.
3.2 Creating User Flow Chart
The complete flow chart of creating a user contains the operations of creating an operation set,
a user group and a user.
In the real operation, the system pre-sets many operation sets and user groups. So the
administrator only needs to perform the operations described in section 3.5 "Creating a User,"if it is not necessary to set a special operation set and user group.
Figure 3-1 shows the complete flow chart of creating a user.
7/29/2019 01-03 DMS User Management
9/32
3 DMS User Management
iManager N2000 DMS Datacomm Network Management System
Administrator Guide
3-6 Huawei Technologies Proprietary Issue 02 (2007-10-15)
Figure 3-1Complete flow chart of creating a userStart
Create operation set
Create a user group
Create a user
End
3.3 Creating an Operation Set
Description
Crating an operation set.In the NMS, a user can define operation sets according to actual management needs. Thus, the
user can divide the operation granularity according to different application needs.
Precaution
The user has the right to create an operation set.
Procedure
Step 1 In the NMS, choose System > Security Management. Then the security managementinterface is displayed.
Step 2 On the Security Object navigation tree on the left, choose the Operation Sets node. Rightclick and choose New Operation Set.
Step 3 The New Operation Set dialog box is displayed, as shown in Figure 3-2.Step 4 Configure the parameters Name, Description, Type and Subtype of the operation set. For the
description of parameters, see Table 3-2.
7/29/2019 01-03 DMS User Management
10/32
iManager N2000 DMS Datacomm Network Management System
Administrator Guide 3 DMS User Management
Issue 02 (2007-10-15) Huawei Technologies Proprietary 3-7
Figure 3-2New operation set
Table 3-2Parameter description in the new operation set dialog boxParameter Description Setting
Name z It refers to the name of an operation set.
z It is a mandatory item.
z It cannot be null or be the same with thatof an existing operation set.
It must be a string with 1 to64 characters.
Description You can enter other descriptions here. It must be a string with 0 to64 characters.
Type It refers to the security type in the NMS. It is FixedNetwork Device
Management by default.
It is selected from thedrop-down list.
Subtype It refers to the subtypes of each security
type.
It is 3rd-Party Device by
default.
It is selected from thedrop-down list.
Step 5 ClickOK and return to the security management interface.Step 6 On the navigation tree on the left, click the new-created operation set. Select the Operations
tab in the working area on the right.
Step 7 ClickAdd. The Add Operation dialog box is displayed, as shown in Figure 3-3.Select the operations contained in the operation set. ClickAdd to add the operations in theselected box.
7/29/2019 01-03 DMS User Management
11/32
3 DMS User Management
iManager N2000 DMS Datacomm Network Management System
Administrator Guide
3-8 Huawei Technologies Proprietary Issue 02 (2007-10-15)
Figure 3-3Adding operations
Step 8 ClickOK and return to the security management interface. Complete the creation of theoperation set.
----End
3.4 Creating a User Group
Description
Create a new user group.
In the NMS, a user can define a user group according to actual application needs and allocate
different rights to the user group. Thus, the rights can be fractionalized.
Precaution
The user has the right to create a user group.
Procedure
Step 1 In the NMS, choose System > Security Management. Then the security managementinterface is displayed.
Step 2 On the Security Object navigation tree on the left, choose the User Groups node. Right clickand choose the
New User Groupmenu.
7/29/2019 01-03 DMS User Management
12/32
iManager N2000 DMS Datacomm Network Management System
Administrator Guide 3 DMS User Management
Issue 02 (2007-10-15) Huawei Technologies Proprietary 3-9
Step 3 The Create New User Group dialog box is displayed, as shown in Figure 3-4.Configure the Name and Description of the user group. Select the value in Limit maximumnumber of sessions. IfYes is selected, you need to configure the Maximum number of
sessions.
If it is needed to set the group administrator, click . The Set User Group Administrator
dialog box is displayed. Select the administrator. ClickOK and return to the Create NewUser Group dialog box.
For the description of parameters, see Table 3-3.
Figure 3-4Creating a new user group
7/29/2019 01-03 DMS User Management
13/32
3 DMS User Management
iManager N2000 DMS Datacomm Network Management System
Administrator Guide
3-10 Huawei Technologies Proprietary Issue 02 (2007-10-15)
Table 3-3Parameter description in the create new user group dialog boxParameter Description Setting
Name z It refers to the name of a user group.
z It is mandatory.z It cannot be null or be the same with that
of an existing user group.
It must be a string with 1 to
20 characters.
Description You can enter other descriptions here. It must be a string with 0 to
48 characters.
Limit
maximumnumber ofsessions
It refers to whether the user group is limitedby the maximum number of session.
You can select Yes or No.By default, it is No.
Maximum
number ofsessions
It refers to the maximum number of
sessions of the user group. When the Limitmaximum number of sessions is Yes, youcan configure this parameter.
By default, it is 5.
Value range: 05.
Group
Manager
The administrator can add users, allocate
the domain and operate the rights.By the button , select agroup administrator.
Step 4 ClickOK and return to the security management interface.Step 5 This step is optional. By this step, you can add the created user to the user group.
1. On the navigation tree on the left, click the new-created user group. Select the Memberstab in the working area on the right.
2. ClickAdd. The Add Operation dialog box is displayed, as shown in Figure 3-5.
3. Select the user to be added to the group. ClickAdd.
4. ClickOK and return to the security management interface.
7/29/2019 01-03 DMS User Management
14/32
iManager N2000 DMS Datacomm Network Management System
Administrator Guide 3 DMS User Management
Issue 02 (2007-10-15) Huawei Technologies Proprietary 3-11
Figure 3-5Adding users
Step 6 On the navigation tree on the left, click the new-created user group. Select the ManagedDomain tab in the working area on the right.
Step 7 Expand the Submap andthe Resource Group, and then corresponding sub-items.Selecting the check box before the device in the AS domain, you can configure themanagement domain of the device for the user group, as shown in Figure 3-6.
ClickApply.
7/29/2019 01-03 DMS User Management
15/32
3 DMS User Management
iManager N2000 DMS Datacomm Network Management System
Administrator Guide
3-12 Huawei Technologies Proprietary Issue 02 (2007-10-15)
Figure 3-6Setting the managed domain of the user group
Step 8 On the navigation tree on the left, click the new-created user group. Select the OperationRights tab in the working area on the right.
1. ClickAdd. The Add Right dialog box is displayed, as shown in Figure 3-7.
2. Choose Type, Subtype, Operation Object and Operation. Click Add.3. ClickOK and return to the security management interface.
7/29/2019 01-03 DMS User Management
16/32
iManager N2000 DMS Datacomm Network Management System
Administrator Guide 3 DMS User Management
Issue 02 (2007-10-15) Huawei Technologies Proprietary 3-13
Figure 3-7Adding rights
Step 9 In the navigation tree on the left, click the new user group, and then select the CurrentSession tab.
The user information of the user group is displayed.
----End
3.5 Creating a User
3.5.1 Adding a User
Description
Create a new user.
Precaution
The user has the right to create a new user.
Procedure
Step 1 In the NMS, choose System > Security Management. Then the security managementinterface is displayed.
Step 2 On the Security Object navigation tree on the left, choose the Users node. Right click andchoose New User.
7/29/2019 01-03 DMS User Management
17/32
3 DMS User Management
iManager N2000 DMS Datacomm Network Management System
Administrator Guide
3-14 Huawei Technologies Proprietary Issue 02 (2007-10-15)
Step 3 The New User dialog box is displayed, as shown in Figure 3-8. For the description ofparameters, see Table 3-4.
Figure 3-8New users
Table 3-4Parameter description of adding new usersParameters Description
Name The length of the character string is from 6 to 20. The parameter
cannot be null or cannot be the same with that of an existing usergroup.
Full name It is a string with characters less than 80. It shows the full name
of the user. This parameter can be null.
Description It is a string with characters less than 245. It is the information
that the maintenance personnel needs to describe. This parametercan be null.
Password It is the password of the new-created user and is not null. The
length of the character string is from 8 to 16. It must contain a
figure and a letter, but not an entire user name or an entire word.It cannot be the incremental, descending, or interval sequence offigures and letters.
7/29/2019 01-03 DMS User Management
18/32
iManager N2000 DMS Datacomm Network Management System
Administrator Guide 3 DMS User Management
Issue 02 (2007-10-15) Huawei Technologies Proprietary 3-15
Parameters Description
Confirm password Confirm the password. This parameter must be the same with thepassword.
Suspend account It can be Yes or No. By default, it is No.
Account always valid It can be Yes or No. By default, it is No.
Account validity(days) If you choose No in the Account validity check box, you can
enter the validity days in the box. You can also use the defaultvalue 180.
Password always valid It can be Yes or No. By default, it is No.
Password validity
(days)
If you select Yes in the Password validity check box, no limit is
on the days. If you choose No in the Password validity checkbox, you can input the validity days in the box. It is 90 days by
default.
Login duration Limit the time when the user logs in to the system. It is any timeby default. Click ... on the right to enter the time. Add the timewhen the Login time dialog box appears.
Lock account on no
login
If the user does not log in to the system in the specified period of
login, the account of the user is locked.
No login period(days) Specifies the maximum days of the interval of user login. WhenLock account on no login is Yes, it is 30 days by default.
Must modify password If choosing Must modify password, the user must modify thelogin password when logging in to the system first time.
Max. online users arerestricted
If you choose Max. online users are restricted, the amount ofthe online users is limited by the Max. online users.
Max. online users It specifies the amount of the users who is online at the same
time. When you choose Yes in the Max. online users arerestricted, the amount is valid. The value range is from 1 to 255.It is 30 by default. When the user logs in, the systemautomatically judges whether the amount of the users reaches the
maximum value according to the DMS license. If the amount ofusers reaches the maximum value, the user fails to log in.
Managed User Groups It specifies the user groups managed by the user. Choose the user
group by clicking .
Step 4 Select the Advanced tab. Configure the advanced information of the user, as shown in Figure3-9.
The rights are granted to the user in the advanced information. There are two modes ofgranting rights, "belong to" and "copy the user rights ".
z Belong to
Select the user group, to which the new user belongs. After the new user is granted to the user
group, the user has the management and operation rights of the user group.
7/29/2019 01-03 DMS User Management
19/32
3 DMS User Management
iManager N2000 DMS Datacomm Network Management System
Administrator Guide
3-16 Huawei Technologies Proprietary Issue 02 (2007-10-15)
z Copy the user rights
Copy the user rights to the new user. And then the new user has the management and
operation rights of the user whose rights are copied to the new user.
Figure 3-9Advanced information of the users
Step 5 ClickOK.----End
3.5.2 Adding Users to a User Group
Description
Add users to the user group.
Precautionz If you do not allocate the user to the user group, you can directly grant the managed
domain and operation rights to the user.
z After a user is added to the user group, the user has the managed domain and operationrights of the user group.
7/29/2019 01-03 DMS User Management
20/32
iManager N2000 DMS Datacomm Network Management System
Administrator Guide 3 DMS User Management
Issue 02 (2007-10-15) Huawei Technologies Proprietary 3-17
z If you grant the user group, managed domain and operation rights to the user, the userhas the rights of the user group, managed domain and operations.
Procedure
Step 1 On the navigation tree on the left, click the new-created user. Select the Groups tab in theworking area on the right.
Step 2 ClickAdd. The Add User Group dialog box is displayed, as shown in Figure 3-10.Step 3 Select the user group that the user belongs to. ClickAdd.Step 4 ClickOK. Complete the operations on the user group that the user belongs to.
Figure 3-10Adding user groups
----End
3.5.3 Setting User ACL Rights
Description
Configure the clients that can log in to the DMS server.
Precautionz If you do not select the Enable user ACL check box, you can log in from any client in
the ACL.
7/29/2019 01-03 DMS User Management
21/32
3 DMS User Management
iManager N2000 DMS Datacomm Network Management System
Administrator Guide
3-18 Huawei Technologies Proprietary Issue 02 (2007-10-15)
z If you select the Enable user ACL check box, you can log in only from the selectedclient.
Procedure
Step 1 On the navigation tree on the left, click the new-created user group. Select the ACL Settingtab in the working area on the right.
Step 2 ClickSet ACL.The Set ACL dialog box is displayed.
Step 3 ClickAdd. The Add dialog box is displayed, as shown in Figure 3-11.Step 4 Enter the IP address of the user or the network segment that the user belongs to. ClickOK.
The IP address of the network segment is shown in the form of IP network segment address/mask, such
as 10.71.60.0/24. That is, the legal user can log in to the server from the client whose IP address ranges
from 10.71.60.1 to 10.71.60.254.
Figure 3-11Adding an ACL
Step 5 Return to the Set ACL dialog box. ClickClose.Step 6 In the ACL Setting tab, select the Enable user ACL check box. Select the Access Allowed
check box. Set that the user can only access from the selected IP address or network segment.
Step 7 ClickApply.----End
7/29/2019 01-03 DMS User Management
22/32
iManager N2000 DMS Datacomm Network Management System
Administrator Guide 3 DMS User Management
Issue 02 (2007-10-15) Huawei Technologies Proprietary 3-19
3.5.4 Granting the Managed Domain to a User
Description
Grant the managed domain to a user.
The managed domain of the user can be adjusted based on the rights of the user group.
z If the user belongs to the default maintenance group, the user has the managed domain ofall devices in the submap that can be managed by the user group.
z If the user does not belong to the default maintenance group, you can adjust and thenclarify the resource that can be managed by the user.
Precaution
During the procedure of granting the managed domain to the user, the granted rights cannot
exceed the managed domain of the current user.
Procedure
Step 1 ChooseSystem > Security Management.Step 2 On the Users node of the Security Object navigation tree, click the user to be configured.Step 3 Select the Managed Domain tab in the information area displayed on the right of the
window.
Step 4 Choose the devices that can be managed by the user, as shown in Figure 3-12.
7/29/2019 01-03 DMS User Management
23/32
3 DMS User Management
iManager N2000 DMS Datacomm Network Management System
Administrator Guide
3-20 Huawei Technologies Proprietary Issue 02 (2007-10-15)
Figure 3-12Granting the managed domain to a user
Step 5 ClickApply to grant the managed domain to the user.----End
3.5.5 Granting Operation Rights to a User
Description
Grant operation rights to a user.
Procedure
Step 1 ChooseSystem > Security Management.Step 2 On the Users node of the Security Object navigation tree, click the user to whom the
operation rights are granted.
Step 3 Choose the Operation Rights tab in the information area displayed on the right of thewindow.
Step 4 ClickAdd.Step 5 In the opened Add Right dialog box, select Type and Subtype. Select the operation name.
ClickAdd. Add the name to the operation domain box, as shown in Figure 3-13.
7/29/2019 01-03 DMS User Management
24/32
iManager N2000 DMS Datacomm Network Management System
Administrator Guide 3 DMS User Management
Issue 02 (2007-10-15) Huawei Technologies Proprietary 3-21
Figure 3-13Granting operation rights to a user
Step 6 ClickOK to add specified operation rights to the user.----End
3.6 Forcing a User to Exit
Description
Force the user who logs in to the DMS to exit.
Precautionz Only the user, who has the right of forcing other users to exit, can perform the operation.
z The admin user can force other users to exit and other users cannot force the admin userto exit.
Procedure
Step 1 ChooseSystem > Security Management.Step 2 On the Security Object navigation tree, choose the Users node.Step 3 Right click the page. In the short-cut menu that is displayed, choose Login User
Information.
The information of the user who logs in is displayed in the window on the right.
7/29/2019 01-03 DMS User Management
25/32
3 DMS User Management
iManager N2000 DMS Datacomm Network Management System
Administrator Guide
3-22 Huawei Technologies Proprietary Issue 02 (2007-10-15)
Step 4 Choose the user who is going to exit forcibly. Right click the page. Choose Force to Exit inthe short-cut menu that is displayed.
Step 5 In the confirmation dialog box, which is displayed, clickOK.----End
3.7 Sending a Message to Selected Client
Description
Send a message to the specified client or all other clients to enable the users who are indifferent places to exchange the maintenance information in real time.
Procedure
Step 1 Choose System > Security Management.Step 2 On the Security Object navigation tree, choose the Users node.Step 3 Right click the page. In the short-cut menu that is displayed, choose Login User
Information.
The information of the user who logs in is displayed in the window on the right.
Step 4 Perform the following the two operations:z Select the user who receives the message. Right click the page. Choose Send Message to
Selected Client, you can send a message to the selected client.
z In the current user, right click to choose Send Message to All Other Clients. You cansend the same message to all other clients.
Step 5 In the Send Message to Selected Client or Send Message to All Other Clients dialog boxthat appears, enter the contents of the message. ClickSend.
----End
3.8 Configuration Example for Authority and DomainBased Management
3.8.1 Application Scenario
Corporate users can manage specified Core Router (CR) and Border Router (BR) devices.
State or provincial users can do the following:
z Manage all Access Router (AR) devices inside the state or province
z Monitor directly-associated BR devices
State or provincial users cannot manage CR devices.
7/29/2019 01-03 DMS User Management
26/32
iManager N2000 DMS Datacomm Network Management System
Administrator Guide 3 DMS User Management
Issue 02 (2007-10-15) Huawei Technologies Proprietary 3-23
3.8.2 Configuration Roadmap
Figure 3-14Network planning diagram
User Group-1 and User Group-2 are user groups for a state or province.
Classifying SubmapClassify submaps according to states or provinces, and a state or province corresponds to a
submap. A submap contains only AR devices inside the state or province. BR and CR deviceslocate in the physical view and are not classified, as shown in Figure 3-14.
Classifying User Groupsz Core monitor group
Manages and monitors specified CR and BR devices, but cannot perform configuration
operations.
z State or provincial user group
Manages AR devices in the state or province only, and has operation authorities.Configuration operations to AR devices in the state or province are allowed.
Classifying User Authorities
Create a state or provincial user for each state or province. The user features the following:
z Belongs to the state or provincial user group and core monitor group.
z Manages all AR devices in the state or province.
z Monitors directly-associated BR devices.
Figure 3-15 shows the management range of the state or provincial user.
7/29/2019 01-03 DMS User Management
27/32
3 DMS User Management
iManager N2000 DMS Datacomm Network Management System
Administrator Guide
3-24 Huawei Technologies Proprietary Issue 02 (2007-10-15)
Figure 3-15Management range of the state or provincial user
3.8.3 Configuration Guide
Here takes configuring the User-1 user as an example. The configuration of the User-2 user isthe same.
Figure 3-16 shows the operation flowchart.
Figure 3-16Operation flowchart
Create an operation set
End
Create the core monitor group
Create the user group-1
Create the user-1
Start
7/29/2019 01-03 DMS User Management
28/32
iManager N2000 DMS Datacomm Network Management System
Administrator Guide 3 DMS User Management
Issue 02 (2007-10-15) Huawei Technologies Proprietary 3-25
Creating an Operation Set
In the system, there are many types of preset operation sets for operators, watchers, and
maintainers. A user can also customize an operation set. For details, see section 3.3 "Creatingan Operation Set."
Creating the Core Monitor Group
Step 1 Create the Core Monitor Group.1. In Security Object navigation tree on the left, select the User Groups node. Right-click
it, and select New User Group.
2. The Create New User Group dialog box is displayed.
Enter Core Monitor Group as the user group name, and enter description information.
3. ClickOK.
Step 2 Set Managed Domain for Core Monitor Group.1. In navigation tree on the left, click Core Monitor Group, and select the Managed
Domain tab in the working area on the right.
2. Expand Submap > Physical Map, select Physical Map, but do not select UserGroup-1(AR) and User Group-2(AR), as shown in Figure 3-17.
The Core Monitor Group can monitor all BR and CR devices.
Figure 3-17Setting managed domain for the core monitor group
3. ClickApply.
----End
Creating the User Group-1
Step 1 Create the User Group-1.1. In Security Object navigation tree on the left, select the User Groups node. Right-click
it, and select New User Group.
2. The Create New User Group dialog box is displayed.
Enter User Group-1 as the user group name, and enter description information.
3. ClickOK.
7/29/2019 01-03 DMS User Management
29/32
3 DMS User Management
iManager N2000 DMS Datacomm Network Management System
Administrator Guide
3-26 Huawei Technologies Proprietary Issue 02 (2007-10-15)
Step 2 Set Managed Domain for User Group-1.1. In navigation tree on the left, clickUser Group-1, and select the Managed Domain tab
in the working area on the right.
2. Expand Submap > Physical Map, select User Group-1(AR), as shown in Figure 3-18.
Figure 3-18Setting the managed domain for the user of User-1
3. ClickApply.
Step 3 Set Operation Rights for User Group-1.1. Select the Operation Rights tab in the working area on the right. ClickAdd.
The Add Right dialog box is displayed.
2. Select Network Management Application for Type, select values for Subtype in turn,
and add related operator operation sets to the operation authority list.
3. Select Fixed Network Device Management for Type, select values for Subtype in turn,and add related operator operation sets to operation authority list, as shown in Figure3-19.
7/29/2019 01-03 DMS User Management
30/32
iManager N2000 DMS Datacomm Network Management System
Administrator Guide 3 DMS User Management
Issue 02 (2007-10-15) Huawei Technologies Proprietary 3-27
Figure 3-19Setting operation authorities for User Group-1
4. ClickOK.
----End
Creating the User-1
Step 1 Create a user for User Group-11. In Security Object navigation tree on the left, select the Users node. Right-click it, and
select New User.
2. Set general information, as shown in Figure 3-20.
7/29/2019 01-03 DMS User Management
31/32
3 DMS User Management
iManager N2000 DMS Datacomm Network Management System
Administrator Guide
3-28 Huawei Technologies Proprietary Issue 02 (2007-10-15)
Figure 3-20Creating a user
3. ClickOK.
Step 2 Set the user group that the User-1 belongs to.1. ClickUser-1, and select the Groups tab in the working area on the right.
2. ClickAdd.
The Add User Group dialog box is displayed.
3. Select User Group-1 and Core Monitor Group, and clickAdd.
4. ClickOK.
Step 3 Set the ACL authority for the user.Select the ACL Setting tab in the working area on the right, and set ACL for Area-1 User.For details, see 3.5.3 "Setting User ACL Rights."
Step 4 Set the managed domain for User-1.1. Select the Managed Domain tab, and expand Submap > Physical Map.
2. Select all devices in User Group-1 and all directly-associated BR devices, and clickApply.
Step 5 Set operation rights for User-1.1. Select the Operation Rights tab in the working area on the right. ClickAdd.
7/29/2019 01-03 DMS User Management
32/32
iManager N2000 DMS Datacomm Network Management System
Administrator Guide 3 DMS User Management
The Add Right dialog box is displayed.
2. Select Fixed Network Device Management for Type, select NE40E for Subtype, andthen select NE40E-1(BR) in the Operation Object area.
3. Select NE40E Monitor Operation Set, and clickAdd.
4. ClickOK.
----End
3.8.4 Verifying the Configuration Example
Step 1 Log in to the NMS client as the User-1.Figure 3-21 show the topology view.
Figure 3-21Topology view for the User-1
Step 2 Verify the operation authorities of the User-1 to AR and BR devices.
The User-1 has operations authorities to all devices in the state or province, but can only
monitor directly-associated BR device NE40E-1.
----End