7/30/2019 OAN000205 User Right Management ISSUE1.0
1/39
ISSUE
Fixed Network Curriculum
Development Section
OAN000205 User RightManagement
1.0
7/30/2019 OAN000205 User Right Management ISSUE1.0
2/39
Confidential Information of Huawei.No Spreading without Permission. Security Level: Internal
2
References
N2000 User Manual (V2.10)
7/30/2019 OAN000205 User Right Management ISSUE1.0
3/39
Confidential Information of Huawei.No Spreading without Permission. Security Level: Internal
3
Objectives
Master how to create a user and
set authority for the user
Upon completion of this course, you will be able to:
7/30/2019 OAN000205 User Right Management ISSUE1.0
4/39
Confidential Information of Huawei.No Spreading without Permission. Security Level: Internal
4
Course Contents
Chapter 1 Basic Concepts
Chapter 2 User Management
Chapter 3 User Group management
Chapter 4 Operation Set Management
Chapter 5 Other Functions
7/30/2019 OAN000205 User Right Management ISSUE1.0
5/39
Confidential Information of Huawei.No Spreading without Permission. Security Level: Internal
5
Main Window for User Right Management
7/30/2019 OAN000205 User Right Management ISSUE1.0
6/39
Confidential Information of Huawei.No Spreading without Permission. Security Level: Internal
6
Functions of User Right Management
User Right Management is to manage the security of the system.
It decides who can log in to the system, what operations the login
users can perform, and which devices and boards the login users
can manage.
User right consists of:
ACL (Access Control List) right: It decides the client from which a
user can log in to the system.
Operation right: It decides the operations that can be performed by
the login user.
Management right: It decides the devices and boards that can be
managed by the login user.
7/30/2019 OAN000205 User Right Management ISSUE1.0
7/39
Confidential Information of Huawei.No Spreading without Permission. Security Level: Internal
7
User admin
After the system is initially installed, there is only one user
"admin" by default. And the initial system ACL is empty. The user
can only log in as "admin" from the server.
"admin" is a super user who has all operation and management
rights. Like other users, "admin" can be configured to log in from
a specified client. The difference is that admin has all the rights.
Other user accounts are directly or indirectly created by "admin".
In the NMS, only one user can log in as "admin" at the same time.
For other user accounts, multiple users can log in as the sameaccount at the same time. "admin" can force any other users to
exit.
7/30/2019 OAN000205 User Right Management ISSUE1.0
8/39
Confidential Information of Huawei.No Spreading without Permission. Security Level: Internal
8
User Group
User group is a group of NMS users that have the same
management and operation rights. User group management can
simplify right assignment. When the system is installed, three
default user groups are already assigned with the corresponding
rights. The default user groups cannot be deleted.
Maintainer Group: Perform daily maintenance operations.
Operator Group: Perform ordinary query and setting operations.
Watcher Group: Perform query operations only.
A user can be added to many user groups and has a collection ofrights of all these user groups.
7/30/2019 OAN000205 User Right Management ISSUE1.0
9/39
Confidential Information of Huawei.No Spreading without Permission. Security Level: Internal
9
ACL Management
ACL management are conducted at two layers.
At the first layer, the system ACL specifies the range of IP
addresses of the system clients. The users can log into the
system from the clients within this range only.
At the second layer, the user ACL specifies the users that canlog into the system from the clients specified in the system ACL.
7/30/2019 OAN000205 User Right Management ISSUE1.0
10/39
Confidential Information of Huawei.No Spreading without Permission. Security Level: Internal
10
Operation Set
Operation set is a group of operations. Operation set
management makes right assignment an easier task.
Default operation sets are already assigned to those default user
groups. Default operation sets can be used in right assignment
and assigned to newly created user groups or users.
7/30/2019 OAN000205 User Right Management ISSUE1.0
11/39
Confidential Information of Huawei.No Spreading without Permission. Security Level: Internal
11
Management Right
Management Right: Whether or not the user has the right to
manage the specified device and board.
In the topological view, the devices which the user has no right to
manage will not be shown to the user, and on the device panel,
the boards which the user has no right to manage will not be
shown to the user either.
When a user is created, he is not authorized to manage
any resource by default. The user can't assign management
right to the super user or himself. If a user is not authorized adevice, it is impossible to assign the operation right of the device
to him.
7/30/2019 OAN000205 User Right Management ISSUE1.0
12/39
Confidential Information of Huawei.No Spreading without Permission. Security Level: Internal
12
Course Contents
Chapter 1 Basic Concepts
Chapter 2 User Management
Chapter 3 User Group management
Chapter 4 Operation Set Management
Chapter 5 Other Functions
7/30/2019 OAN000205 User Right Management ISSUE1.0
13/39
Confidential Information of Huawei.No Spreading without Permission. Security Level: Internal
13
User Management
The functions of user management are as follows:
Create User
Set User ACL Right
Assign User Operation Right
Assign User Management Right
7/30/2019 OAN000205 User Right Management ISSUE1.0
14/39
Confidential Information of Huawei.No Spreading without Permission. Security Level: Internal
14
Create User
Create new user of the NMS.
7/30/2019 OAN000205 User Right Management ISSUE1.0
15/39
Confidential Information of Huawei.No Spreading without Permission. Security Level: Internal
15
Set System ACL
Set system ACL data, including adding/modifying/deleting ACL.
7/30/2019 OAN000205 User Right Management ISSUE1.0
16/39
Confidential Information of Huawei.No Spreading without Permission. Security Level: Internal
16
Set User ACL Right
Specify clients from which the users are authorized to log in.
"Constrained by ACL" is to set whether or not the user is
constrained by ACL. If the check box is cleared, it means that the
user is allowed to log in to the system from any client in the ACL,
otherwise, the user can only log in to the system from the
selected clients in the ACL.
7/30/2019 OAN000205 User Right Management ISSUE1.0
17/39
Confidential Information of Huawei.No Spreading without Permission. Security Level: Internal
17
Assign User Operation Right
Authorize or prohibit the user to conduct or from conducting the
specified operations.
7/30/2019 OAN000205 User Right Management ISSUE1.0
18/39
Confidential Information of Huawei.No Spreading without Permission. Security Level: Internal
18
Add Operation Right
New Device" right: The user has the same operation right for the
new created device.
7/30/2019 OAN000205 User Right Management ISSUE1.0
19/39
Confidential Information of Huawei.No Spreading without Permission. Security Level: Internal
19
Assign User Management Right
Authorize or prohibit the users to manage or from managing the
specified device and board.
7/30/2019 OAN000205 User Right Management ISSUE1.0
20/39
Confidential Information of Huawei.No Spreading without Permission. Security Level: Internal
20
Set Management Scope
Search the matching devices and set management status of the
device.
7/30/2019 OAN000205 User Right Management ISSUE1.0
21/39
Confidential Information of Huawei.No Spreading without Permission. Security Level: Internal
21
Course Contents
Chapter 1 Basic Concepts
Chapter 2 User Management
Chapter 3 User Group management
Chapter 4 Operation Set Management
Chapter 5 Other Functions
7/30/2019 OAN000205 User Right Management ISSUE1.0
22/39
Confidential Information of Huawei.No Spreading without Permission. Security Level: Internal
22
User Group Management
The functions of user group management are as follows:
Create User Group
Assign User Group Operation Right
Assign User Group Management Right
Add User Group Member
7/30/2019 OAN000205 User Right Management ISSUE1.0
23/39
Confidential Information of Huawei.No Spreading without Permission. Security Level: Internal
23
Create User Group
Create new user group of the NMS.
7/30/2019 OAN000205 User Right Management ISSUE1.0
24/39
Confidential Information of Huawei.No Spreading without Permission. Security Level: Internal
24
Assign User Group Operation Right
Authorize or prohibit the user groups to conduct or from
conducting the specified operations.
7/30/2019 OAN000205 User Right Management ISSUE1.0
25/39
Confidential Information of Huawei.No Spreading without Permission. Security Level: Internal
25
Assign User Group Management Right
Authorize or prohibit the user groups to manage or from
managing the specified device and board.
7/30/2019 OAN000205 User Right Management ISSUE1.0
26/39
Confidential Information of Huawei.No Spreading without Permission. Security Level: Internal
26
Add User Group Member
Add the specified user to the user group, which makes the user
has the same management and operation right as the user group.
7/30/2019 OAN000205 User Right Management ISSUE1.0
27/39
Confidential Information of Huawei.No Spreading without Permission. Security Level: Internal
27
Add User to User Group
1
2
3
4
5
6
7/30/2019 OAN000205 User Right Management ISSUE1.0
28/39
Confidential Information of Huawei.No Spreading without Permission. Security Level: Internal
28
Course Contents
Chapter 1 Basic Concepts
Chapter 2 User Management
Chapter 3 User Group management
Chapter 4 Operation Set Management
Chapter 5 Other Functions
7/30/2019 OAN000205 User Right Management ISSUE1.0
29/39
Confidential Information of Huawei.No Spreading without Permission. Security Level: Internal
29
Operation Set Management
The functions of operation set management are as follows:
Create Operation Set
Configure Operation Set Member
Assign User Operation Right
7/30/2019 OAN000205 User Right Management ISSUE1.0
30/39
Confidential Information of Huawei.No Spreading without Permission. Security Level: Internal
30
Create Operation Set
Create operation set according to the object type.
7/30/2019 OAN000205 User Right Management ISSUE1.0
31/39
Confidential Information of Huawei.No Spreading without Permission. Security Level: Internal
31
Configure Operation Set Member
Add or delete operation members in the operation set.
7/30/2019 OAN000205 User Right Management ISSUE1.0
32/39
Confidential Information of Huawei.No Spreading without Permission. Security Level: Internal
32
Assign User Operation Right
Authorize or prohibit the user to conduct or from conducting the
specified operations.
1
2
3
4
5
6
7
7/30/2019 OAN000205 User Right Management ISSUE1.0
33/39
Confidential Information of Huawei.No Spreading without Permission. Security Level: Internal
33
Check Operation Set Assignment
7/30/2019 OAN000205 User Right Management ISSUE1.0
34/39
Confidential Information of Huawei.No Spreading without Permission. Security Level: Internal
34
Course Contents
Chapter 1 Basic Concepts
Chapter 2 User Management
Chapter 3 User Group management
Chapter 4 Operation Set Management
Chapter 5 Other Functions
7/30/2019 OAN000205 User Right Management ISSUE1.0
35/39
Confidential Information of Huawei.No Spreading without Permission. Security Level: Internal
35
Browse User Operation Log
7/30/2019 OAN000205 User Right Management ISSUE1.0
36/39
Confidential Information of Huawei.No Spreading without Permission. Security Level: Internal
36
Realtime Monitoring User Operation Log
View operations conducted by the login users.
7/30/2019 OAN000205 User Right Management ISSUE1.0
37/39
Confidential Information of Huawei.No Spreading without Permission. Security Level: Internal
37
Dump User Operation Log
7/30/2019 OAN000205 User Right Management ISSUE1.0
38/39
Confidential Information of Huawei.No Spreading without Permission. Security Level: Internal
38
Modify User Attributes
7/30/2019 OAN000205 User Right Management ISSUE1.0
39/39
C fid ti l I f ti f H i
39