01-03 DMS User Management

7/29/2019 01-03 DMS User Management

1/32

iManager N2000 DMS Datacomm Network Management System

Administrator Guide Contents

Issue 02 (2007-10-15) Huawei Technologies Proprietary i

Contents

3 DMS User Management ...........................................................................................................3-1

3.1 Basic Concepts ..................................................................... ................................................................. ........3-2

3.1.1 User......................................................................................................................................................3-2

3.1.2 User Group...........................................................................................................................................3-2

3.1.3 Operation Set .......................................................... ....................................................................... ......3-3

3.1.4 ACL......................................................................................................................................................3-3

3.1.5 Managed Domain.................................................................................................................................3-3

3.1.6 Operation Rights ............................................................ ...................................................................... 3-3

3.1.7 Authority and Domain Based Management ......................................................................... ................3-4

3.1.8 User Right Allocation Policy ........................................................... .................................................... 3-4

3.2 Creating User Flow Chart .................................................................... ......................................................... 3-5

3.3 Creating an Operation Set .................................................................... ......................................................... 3-6

3.4 Creating a User Group...................................................................................................................................3-8

3.5 Creating a User............................................................................................................................................3-13

3.5.1 Adding a User ................................................................ .................................................................... 3-13

3.5.2 Adding Users to a User Group....................................................... .................................................... 3-16

3.5.3 Setting User ACL Rights....................................................................................................................3-17

3.5.4 Granting the Managed Domain to a User...........................................................................................3-19

3.5.5 Granting Operation Rights to a User..................................................................................................3-20

3.6 Forcing a User to Exit .................................................................. ............................................................... 3-21

3.7 Sending a Message to Selected Client.........................................................................................................3-22

3.8 Configuration Example for Authority and Domain Based Management.....................................................3-22

3.8.1 Application Scenario..........................................................................................................................3-22

3.8.2 Configuration Roadmap.....................................................................................................................3-23

3.8.3 Configuration Guide ........................................................ .................................................................. 3-24

3.8.4 Verifying the Configuration Example ..................................................................... ...........................3-29


2/32

Figures

iManager N2000 DMS Datacomm Network

Management System

Administrator Guide

ii Huawei Technologies Proprietary Issue 02 (2007-10-15)

Figures

Figure 3-1 Complete flow chart of creating a user .................................................................. ...........................3-6

Figure 3-2 New operation set ................................................... .......................................................................... 3-7

Figure 3-3 Adding operations.............................................................................................................................3-8

Figure 3-4 Creating a new user group .................................................... ............................................................ 3-9Figure 3-5 Adding users ............................................................... ............................................................... .....3-11

Figure 3-6 Setting the managed domain of the user group...............................................................................3-12

Figure 3-7 Adding rights ............................................................ ...................................................................... 3-13

Figure 3-8 New users ..................................................... ........................................................... .......................3-14

Figure 3-9 Advanced information of the users ..................................................................... ............................3-16

Figure 3-10 Adding user groups ..................................................................... .................................................. 3-17

Figure 3-11 Adding an ACL .................................................................. ........................................................... 3-18

Figure 3-12 Granting the managed domain to a user .................................................................. .....................3-20

Figure 3-13 Granting operation rights to a user................................................................................................3-21

Figure 3-14 Network planning diagram .................................................................. .........................................3-23

Figure 3-15 Management range of the state or provincial user ............................................................... .........3-24

Figure 3-16 Operation flowchart......................................................................................................................3-24

Figure 3-17 Setting managed domain for the core monitor group....................................................................3-25

Figure 3-18 Setting the managed domain for the user of User-1......................................................................3-26

Figure 3-19 Setting operation authorities for User Group-1.............................................................................3-27

Figure 3-20 Creating a user ............................................................ .................................................................. 3-28

Figure 3-21 Topology view for the User-1 ......................................................................... ..............................3-29


3/32


Administrator Guide Tables

Issue 02 (2007-10-15) Huawei Technologies Proprietary iii

Tables

Table 3-1 Security attribute of a user..................................................................................................................3-4

Table 3-2 Parameter description in the new operation set dialog box .............................................................. ..3-7

Table 3-3 Parameter description in the create new user group dialog box ....................................................... 3-10

Table 3-4 Parameter description of adding new users ........................................................................ ..............3-14


4/32


Administrator Guide 3 DMS User Management

Issue 02 (2007-10-15) Huawei Technologies Proprietary 3-1

3 DMS User ManagementAbout This Chapter

The following table shows the contents of this chapter.

Section Description

3.1 Basic Concepts This section describes related concepts of DMS user

management.

3.2 Creating User Flow Chart This section describes the operation flow chart of creatinga user.

3.3 Creating an Operation Set This section describes how to create an operation set.

3.4 Creating a User Group This section describes how to create a user group.

3.5 Creating a User This section describes how to create a user group, allocateusers to the user group, set rights of accessing the user

address, and allocate the managed domain and operationrights to the user.

3.6 Forcing a User to Exit This section describes how to force a current user to exit.

3.7 Sending a Message toSelected Client

This section describes how to send a message to theselected client.

3.8 Configuration Example forAuthority and Domain BasedManagement

This section describes how to configure example forauthority and domain based management.


5/32

3 DMS User Management


Administrator Guide

3-2 Huawei Technologies Proprietary Issue 02 (2007-10-15)

3.1 Basic Concepts

3.1.1 UserDMS users are divided into three kinds: the default admin user, the default corba user, and

the other DMS users.

After you install the DMS, two default users, the admin user and corba user, are created.

The cobra user is created only after you install the northbound interface components.

admin

The admin user has the highest authority to the DMS and can manage the DMS.

When you log in to the DMS for the first time as admin, the default password is N2000. Afterclicking Login, the system forces you to change the password.

corba

The corba user is used to connect the third party software. The corba user can complete the

connection between the third party software and the DMS. The default password iscorbaagent. Change the password as soon as possible.

By default, the user has no managed domains or operation rights. Generally, the administratordoes not need to change the rights of the corba user. Modify the Access Control List (ACL)

when the third party NMS is connected to the DMS.

For details, see 3.5.3 "Setting User ACL Rights."

Other DMS users

The differences between users are described as follows:

z The admin user has all operation rights. You do not need to grant rights to the admin

user. Only the admin user can assign and modify the security operation rights, create and

modify the security user group, and create and delete the security administrator. Bydefault, a DMS server allows only one admin user to log in.

z You need to grant rights to the corba user. A DMS server allows two or more corba

users to log in at the same time.z The other DMS users are created by the admin user or the users who have the security

management rights. A DMS server allows two or more users to log inn at the same time.

3.1.2 User Group

The user group is group in the device and used to control the access of the user to thenetwork.

The DMS provides three default user groups as follows:

z Maintainer group: Performs the daily maintenance operations.

z Operator group: Performs the query and configuration operations.


6/32




z Monitor group: Performs the query operation.

If a user group has the management access to a sub-map, the user group has the management

access to all devices in the sub-map.

3.1.3 Operation SetAn operation set is a group of operations. It is a set of operations that are performed on the

DMS by the corresponding users.

z One operation set may contain multiple operations.

z One operation may belong to multiple operation sets.

The NMS predefines different operation sets to different operation types. For the system

default operation set, modifying and deleting are not allowed.

3.1.4 ACL

The Access Control List (ACL) is the security mechanism that allows users to log in to the

DMS only from a certain IP address or network segment.

Security control is achieved at two layers as follows:

z System ACL

You can only select the IP address (IP address network segment), which is used to log in to the

DMS server, from some ACL. This ACL is called the system ACL.

z User ACL

Select the IP addresses, which the user can access, to form the user ACL.

By the security control at two layers, you can effectively control the IP address, throughwhich the user can log in to the DMS server. Even if the user account and password are

embezzled at the same time, the embezzler cannot log in to the DMS server. This ensures the

security of the DMS.

3.1.5 Managed Domain

The managed domain specifies the range of devices that a user can manage, or the range ofdevices that a user group can manage.

The limit to the use of the managed domain is shown as follows:

z A new created user has no rights to manage any resources by default.

z Common users cannot assign the managed domain to the admin user or to themselves.

z The devices that a user has no management access are not displayed on the topologyview.

z If a user has no management access to a device, the user cannot obtain the operationaccess.

3.1.6 Operation Rights

Operation rights specify the operations that a user can perform.

The operation rights vary with the operation objects. If a device is not in the managed domain

of a user, the user has no rights to operate the device.


7/32



Administrator Guide


3.1.7 Authority and Domain Based Management

The NMS provides authority and domain based management, which allows different users to

manage different objects. Thus, departments from different domains and levels can manage

the network coordinately.

The authority and domain based management encompasses two parts: authority managementand domain management.

Domain Management

Domain management is to classify device nodes, services, or data into different domains, and

assign the management authorities to the domain administrator. Then, the managed objects ofthe domain administrator can be controlled.

Authority Management

Authority management is to classify authorities into different levels such as maintenanceauthority, operation authority, and monitoring authority. Through the authentication, a useraccount is valid only in a certain domains and cannot manage other domains.

3.1.8 User Right Allocation Policy

The security attributes of a user include the login time segment, locked status, and bound IP

address. For the description of attributes and related operations, see Table 3-1.

Table 3-1Security attribute of a userRight Description Operation

Login timesegment

According to the login time

segment, you can control the

time when the user logs in tothe DMS server.

When creating a user account,

configure the information of logintime segment.

Locked status When the user fails to login

within the specified attempts

(3 attempts by default), theaccount is locked. The lockeduser cannot log in to the DMS.

When the time for the locked status

exceeds the set time (30 minutes by

default), the system automaticallyunlocks the account. You canmanually unlock the account.

Bound IP address Generally, the DMS does not

limit the IP address of theclient that the user logs in to.

Once the user binds the IP

address, the IP address of theclient, which the user logs in

to, must be bound to the IPaddress list.

Change the IP address list bound to

the user by modifying the attributesof the user account.


8/32




Right Description Operation

Account expiringtime

Setting the expiring time of an

account, you can enable theaccount to be invalid after the

account exceeds the expiringtime.

Set the account to be valid forever

when you set up a long-termaccount.

Set expiring days of an account

when you set up a temporaryaccount.

Suspend account Set the account to be

suspended.

For maintenance, you can set some

accounts to be suspended.

Password expiringtime

Setting the expiry of thepassword, you can enable a

user to modify the password ina certain period of time.

Set the password to be validforever. The user can use the

current password.

Set the password not to validforever and set the expiring time of

the password to enable the user tomodify the password in the certainperiod of time.

3.2 Creating User Flow Chart

The complete flow chart of creating a user contains the operations of creating an operation set,

a user group and a user.

In the real operation, the system pre-sets many operation sets and user groups. So the

administrator only needs to perform the operations described in section 3.5 "Creating a User,"if it is not necessary to set a special operation set and user group.

Figure 3-1 shows the complete flow chart of creating a user.


9/32



Administrator Guide


Figure 3-1Complete flow chart of creating a userStart

Create operation set

Create a user group

Create a user

End

3.3 Creating an Operation Set

Description

Crating an operation set.In the NMS, a user can define operation sets according to actual management needs. Thus, the

user can divide the operation granularity according to different application needs.

Precaution

The user has the right to create an operation set.

Procedure

Step 1 In the NMS, choose System > Security Management. Then the security managementinterface is displayed.

Step 2 On the Security Object navigation tree on the left, choose the Operation Sets node. Rightclick and choose New Operation Set.

Step 3 The New Operation Set dialog box is displayed, as shown in Figure 3-2.Step 4 Configure the parameters Name, Description, Type and Subtype of the operation set. For the

description of parameters, see Table 3-2.


10/32




Figure 3-2New operation set

Table 3-2Parameter description in the new operation set dialog boxParameter Description Setting

Name z It refers to the name of an operation set.

z It is a mandatory item.

z It cannot be null or be the same with thatof an existing operation set.

It must be a string with 1 to64 characters.

Description You can enter other descriptions here. It must be a string with 0 to64 characters.

Type It refers to the security type in the NMS. It is FixedNetwork Device

Management by default.

It is selected from thedrop-down list.

Subtype It refers to the subtypes of each security

type.

It is 3rd-Party Device by

default.

It is selected from thedrop-down list.

Step 5 ClickOK and return to the security management interface.Step 6 On the navigation tree on the left, click the new-created operation set. Select the Operations

tab in the working area on the right.

Step 7 ClickAdd. The Add Operation dialog box is displayed, as shown in Figure 3-3.Select the operations contained in the operation set. ClickAdd to add the operations in theselected box.


11/32



Administrator Guide


Figure 3-3Adding operations

Step 8 ClickOK and return to the security management interface. Complete the creation of theoperation set.

----End

3.4 Creating a User Group

Description

Create a new user group.

In the NMS, a user can define a user group according to actual application needs and allocate

different rights to the user group. Thus, the rights can be fractionalized.

Precaution

The user has the right to create a user group.

Procedure


Step 2 On the Security Object navigation tree on the left, choose the User Groups node. Right clickand choose the

New User Groupmenu.


12/32




Step 3 The Create New User Group dialog box is displayed, as shown in Figure 3-4.Configure the Name and Description of the user group. Select the value in Limit maximumnumber of sessions. IfYes is selected, you need to configure the Maximum number of

sessions.

If it is needed to set the group administrator, click . The Set User Group Administrator

dialog box is displayed. Select the administrator. ClickOK and return to the Create NewUser Group dialog box.

For the description of parameters, see Table 3-3.

Figure 3-4Creating a new user group


13/32



Administrator Guide


Table 3-3Parameter description in the create new user group dialog boxParameter Description Setting

Name z It refers to the name of a user group.

z It is mandatory.z It cannot be null or be the same with that

of an existing user group.

It must be a string with 1 to

20 characters.

Description You can enter other descriptions here. It must be a string with 0 to

48 characters.

Limit

maximumnumber ofsessions

It refers to whether the user group is limitedby the maximum number of session.

You can select Yes or No.By default, it is No.

Maximum

number ofsessions

It refers to the maximum number of

sessions of the user group. When the Limitmaximum number of sessions is Yes, youcan configure this parameter.

By default, it is 5.

Value range: 05.

Group

Manager

The administrator can add users, allocate

the domain and operate the rights.By the button , select agroup administrator.

Step 4 ClickOK and return to the security management interface.Step 5 This step is optional. By this step, you can add the created user to the user group.

1. On the navigation tree on the left, click the new-created user group. Select the Memberstab in the working area on the right.

2. ClickAdd. The Add Operation dialog box is displayed, as shown in Figure 3-5.

3. Select the user to be added to the group. ClickAdd.

4. ClickOK and return to the security management interface.


14/32




Figure 3-5Adding users

Step 6 On the navigation tree on the left, click the new-created user group. Select the ManagedDomain tab in the working area on the right.

Step 7 Expand the Submap andthe Resource Group, and then corresponding sub-items.Selecting the check box before the device in the AS domain, you can configure themanagement domain of the device for the user group, as shown in Figure 3-6.

ClickApply.


15/32



Administrator Guide


Figure 3-6Setting the managed domain of the user group

Step 8 On the navigation tree on the left, click the new-created user group. Select the OperationRights tab in the working area on the right.

1. ClickAdd. The Add Right dialog box is displayed, as shown in Figure 3-7.

2. Choose Type, Subtype, Operation Object and Operation. Click Add.3. ClickOK and return to the security management interface.


16/32




Figure 3-7Adding rights

Step 9 In the navigation tree on the left, click the new user group, and then select the CurrentSession tab.

The user information of the user group is displayed.

----End

3.5 Creating a User

3.5.1 Adding a User

Description

Create a new user.

Precaution

The user has the right to create a new user.

Procedure


Step 2 On the Security Object navigation tree on the left, choose the Users node. Right click andchoose New User.


17/32



Administrator Guide


Step 3 The New User dialog box is displayed, as shown in Figure 3-8. For the description ofparameters, see Table 3-4.

Figure 3-8New users

Table 3-4Parameter description of adding new usersParameters Description

Name The length of the character string is from 6 to 20. The parameter

cannot be null or cannot be the same with that of an existing usergroup.

Full name It is a string with characters less than 80. It shows the full name

of the user. This parameter can be null.

Description It is a string with characters less than 245. It is the information

that the maintenance personnel needs to describe. This parametercan be null.

Password It is the password of the new-created user and is not null. The

length of the character string is from 8 to 16. It must contain a

figure and a letter, but not an entire user name or an entire word.It cannot be the incremental, descending, or interval sequence offigures and letters.


18/32




Parameters Description

Confirm password Confirm the password. This parameter must be the same with thepassword.

Suspend account It can be Yes or No. By default, it is No.

Account always valid It can be Yes or No. By default, it is No.

Account validity(days) If you choose No in the Account validity check box, you can

enter the validity days in the box. You can also use the defaultvalue 180.

Password always valid It can be Yes or No. By default, it is No.

Password validity

(days)

If you select Yes in the Password validity check box, no limit is

on the days. If you choose No in the Password validity checkbox, you can input the validity days in the box. It is 90 days by

default.

Login duration Limit the time when the user logs in to the system. It is any timeby default. Click ... on the right to enter the time. Add the timewhen the Login time dialog box appears.

Lock account on no

login

If the user does not log in to the system in the specified period of

login, the account of the user is locked.

No login period(days) Specifies the maximum days of the interval of user login. WhenLock account on no login is Yes, it is 30 days by default.

Must modify password If choosing Must modify password, the user must modify thelogin password when logging in to the system first time.

Max. online users arerestricted

If you choose Max. online users are restricted, the amount ofthe online users is limited by the Max. online users.

Max. online users It specifies the amount of the users who is online at the same

time. When you choose Yes in the Max. online users arerestricted, the amount is valid. The value range is from 1 to 255.It is 30 by default. When the user logs in, the systemautomatically judges whether the amount of the users reaches the

maximum value according to the DMS license. If the amount ofusers reaches the maximum value, the user fails to log in.

Managed User Groups It specifies the user groups managed by the user. Choose the user

group by clicking .

Step 4 Select the Advanced tab. Configure the advanced information of the user, as shown in Figure3-9.

The rights are granted to the user in the advanced information. There are two modes ofgranting rights, "belong to" and "copy the user rights ".

z Belong to

Select the user group, to which the new user belongs. After the new user is granted to the user

group, the user has the management and operation rights of the user group.


19/32



Administrator Guide


z Copy the user rights

Copy the user rights to the new user. And then the new user has the management and

operation rights of the user whose rights are copied to the new user.

Figure 3-9Advanced information of the users

Step 5 ClickOK.----End

3.5.2 Adding Users to a User Group

Description

Add users to the user group.

Precautionz If you do not allocate the user to the user group, you can directly grant the managed

domain and operation rights to the user.

z After a user is added to the user group, the user has the managed domain and operationrights of the user group.


20/32




z If you grant the user group, managed domain and operation rights to the user, the userhas the rights of the user group, managed domain and operations.

Procedure

Step 1 On the navigation tree on the left, click the new-created user. Select the Groups tab in theworking area on the right.

Step 2 ClickAdd. The Add User Group dialog box is displayed, as shown in Figure 3-10.Step 3 Select the user group that the user belongs to. ClickAdd.Step 4 ClickOK. Complete the operations on the user group that the user belongs to.

Figure 3-10Adding user groups

----End

3.5.3 Setting User ACL Rights

Description

Configure the clients that can log in to the DMS server.

Precautionz If you do not select the Enable user ACL check box, you can log in from any client in

the ACL.


21/32



Administrator Guide


z If you select the Enable user ACL check box, you can log in only from the selectedclient.

Procedure

Step 1 On the navigation tree on the left, click the new-created user group. Select the ACL Settingtab in the working area on the right.

Step 2 ClickSet ACL.The Set ACL dialog box is displayed.

Step 3 ClickAdd. The Add dialog box is displayed, as shown in Figure 3-11.Step 4 Enter the IP address of the user or the network segment that the user belongs to. ClickOK.

The IP address of the network segment is shown in the form of IP network segment address/mask, such

as 10.71.60.0/24. That is, the legal user can log in to the server from the client whose IP address ranges

from 10.71.60.1 to 10.71.60.254.

Figure 3-11Adding an ACL

Step 5 Return to the Set ACL dialog box. ClickClose.Step 6 In the ACL Setting tab, select the Enable user ACL check box. Select the Access Allowed

check box. Set that the user can only access from the selected IP address or network segment.

Step 7 ClickApply.----End


22/32




3.5.4 Granting the Managed Domain to a User

Description

Grant the managed domain to a user.

The managed domain of the user can be adjusted based on the rights of the user group.

z If the user belongs to the default maintenance group, the user has the managed domain ofall devices in the submap that can be managed by the user group.

z If the user does not belong to the default maintenance group, you can adjust and thenclarify the resource that can be managed by the user.

Precaution

During the procedure of granting the managed domain to the user, the granted rights cannot

exceed the managed domain of the current user.

Procedure

Step 1 ChooseSystem > Security Management.Step 2 On the Users node of the Security Object navigation tree, click the user to be configured.Step 3 Select the Managed Domain tab in the information area displayed on the right of the

window.

Step 4 Choose the devices that can be managed by the user, as shown in Figure 3-12.


23/32



Administrator Guide


Figure 3-12Granting the managed domain to a user

Step 5 ClickApply to grant the managed domain to the user.----End

3.5.5 Granting Operation Rights to a User

Description

Grant operation rights to a user.

Procedure

Step 1 ChooseSystem > Security Management.Step 2 On the Users node of the Security Object navigation tree, click the user to whom the

operation rights are granted.

Step 3 Choose the Operation Rights tab in the information area displayed on the right of thewindow.

Step 4 ClickAdd.Step 5 In the opened Add Right dialog box, select Type and Subtype. Select the operation name.

ClickAdd. Add the name to the operation domain box, as shown in Figure 3-13.


24/32




Figure 3-13Granting operation rights to a user

Step 6 ClickOK to add specified operation rights to the user.----End

3.6 Forcing a User to Exit

Description

Force the user who logs in to the DMS to exit.

Precautionz Only the user, who has the right of forcing other users to exit, can perform the operation.

z The admin user can force other users to exit and other users cannot force the admin userto exit.

Procedure

Step 1 ChooseSystem > Security Management.Step 2 On the Security Object navigation tree, choose the Users node.Step 3 Right click the page. In the short-cut menu that is displayed, choose Login User

Information.

The information of the user who logs in is displayed in the window on the right.


25/32



Administrator Guide


Step 4 Choose the user who is going to exit forcibly. Right click the page. Choose Force to Exit inthe short-cut menu that is displayed.

Step 5 In the confirmation dialog box, which is displayed, clickOK.----End

3.7 Sending a Message to Selected Client

Description

Send a message to the specified client or all other clients to enable the users who are indifferent places to exchange the maintenance information in real time.

Procedure

Step 1 Choose System > Security Management.Step 2 On the Security Object navigation tree, choose the Users node.Step 3 Right click the page. In the short-cut menu that is displayed, choose Login User

Information.

The information of the user who logs in is displayed in the window on the right.

Step 4 Perform the following the two operations:z Select the user who receives the message. Right click the page. Choose Send Message to

Selected Client, you can send a message to the selected client.

z In the current user, right click to choose Send Message to All Other Clients. You cansend the same message to all other clients.

Step 5 In the Send Message to Selected Client or Send Message to All Other Clients dialog boxthat appears, enter the contents of the message. ClickSend.

----End

3.8 Configuration Example for Authority and DomainBased Management

3.8.1 Application Scenario

Corporate users can manage specified Core Router (CR) and Border Router (BR) devices.

State or provincial users can do the following:

z Manage all Access Router (AR) devices inside the state or province

z Monitor directly-associated BR devices

State or provincial users cannot manage CR devices.


26/32




3.8.2 Configuration Roadmap

Figure 3-14Network planning diagram

User Group-1 and User Group-2 are user groups for a state or province.

Classifying SubmapClassify submaps according to states or provinces, and a state or province corresponds to a

submap. A submap contains only AR devices inside the state or province. BR and CR deviceslocate in the physical view and are not classified, as shown in Figure 3-14.

Classifying User Groupsz Core monitor group

Manages and monitors specified CR and BR devices, but cannot perform configuration

operations.

z State or provincial user group

Manages AR devices in the state or province only, and has operation authorities.Configuration operations to AR devices in the state or province are allowed.

Classifying User Authorities

Create a state or provincial user for each state or province. The user features the following:

z Belongs to the state or provincial user group and core monitor group.

z Manages all AR devices in the state or province.

z Monitors directly-associated BR devices.

Figure 3-15 shows the management range of the state or provincial user.


27/32



Administrator Guide


Figure 3-15Management range of the state or provincial user

3.8.3 Configuration Guide

Here takes configuring the User-1 user as an example. The configuration of the User-2 user isthe same.

Figure 3-16 shows the operation flowchart.

Figure 3-16Operation flowchart

Create an operation set

End

Create the core monitor group

Create the user group-1

Create the user-1

Start


28/32




Creating an Operation Set

In the system, there are many types of preset operation sets for operators, watchers, and

maintainers. A user can also customize an operation set. For details, see section 3.3 "Creatingan Operation Set."

Creating the Core Monitor Group

Step 1 Create the Core Monitor Group.1. In Security Object navigation tree on the left, select the User Groups node. Right-click

it, and select New User Group.

2. The Create New User Group dialog box is displayed.

Enter Core Monitor Group as the user group name, and enter description information.

3. ClickOK.

Step 2 Set Managed Domain for Core Monitor Group.1. In navigation tree on the left, click Core Monitor Group, and select the Managed

Domain tab in the working area on the right.

2. Expand Submap > Physical Map, select Physical Map, but do not select UserGroup-1(AR) and User Group-2(AR), as shown in Figure 3-17.

The Core Monitor Group can monitor all BR and CR devices.

Figure 3-17Setting managed domain for the core monitor group

3. ClickApply.

----End

Creating the User Group-1

Step 1 Create the User Group-1.1. In Security Object navigation tree on the left, select the User Groups node. Right-click

it, and select New User Group.

2. The Create New User Group dialog box is displayed.

Enter User Group-1 as the user group name, and enter description information.

3. ClickOK.


29/32



Administrator Guide


Step 2 Set Managed Domain for User Group-1.1. In navigation tree on the left, clickUser Group-1, and select the Managed Domain tab

in the working area on the right.

2. Expand Submap > Physical Map, select User Group-1(AR), as shown in Figure 3-18.

Figure 3-18Setting the managed domain for the user of User-1

3. ClickApply.

Step 3 Set Operation Rights for User Group-1.1. Select the Operation Rights tab in the working area on the right. ClickAdd.

The Add Right dialog box is displayed.

2. Select Network Management Application for Type, select values for Subtype in turn,

and add related operator operation sets to the operation authority list.

3. Select Fixed Network Device Management for Type, select values for Subtype in turn,and add related operator operation sets to operation authority list, as shown in Figure3-19.


30/32




Figure 3-19Setting operation authorities for User Group-1

4. ClickOK.

----End

Creating the User-1

Step 1 Create a user for User Group-11. In Security Object navigation tree on the left, select the Users node. Right-click it, and

select New User.

2. Set general information, as shown in Figure 3-20.


31/32



Administrator Guide


Figure 3-20Creating a user

3. ClickOK.

Step 2 Set the user group that the User-1 belongs to.1. ClickUser-1, and select the Groups tab in the working area on the right.

2. ClickAdd.

The Add User Group dialog box is displayed.

3. Select User Group-1 and Core Monitor Group, and clickAdd.

4. ClickOK.

Step 3 Set the ACL authority for the user.Select the ACL Setting tab in the working area on the right, and set ACL for Area-1 User.For details, see 3.5.3 "Setting User ACL Rights."

Step 4 Set the managed domain for User-1.1. Select the Managed Domain tab, and expand Submap > Physical Map.

2. Select all devices in User Group-1 and all directly-associated BR devices, and clickApply.

Step 5 Set operation rights for User-1.1. Select the Operation Rights tab in the working area on the right. ClickAdd.


32/32



The Add Right dialog box is displayed.

2. Select Fixed Network Device Management for Type, select NE40E for Subtype, andthen select NE40E-1(BR) in the Operation Object area.

3. Select NE40E Monitor Operation Set, and clickAdd.

4. ClickOK.

----End

3.8.4 Verifying the Configuration Example

Step 1 Log in to the NMS client as the User-1.Figure 3-21 show the topology view.

Figure 3-21Topology view for the User-1

Step 2 Verify the operation authorities of the User-1 to AR and BR devices.

The User-1 has operations authorities to all devices in the state or province, but can only

monitor directly-associated BR device NE40E-1.

----End

01-03 DMS User Management

Documents