Transcript of User Management
User Management
Nokia Solutions and Networks Academy
Module Objectives
At the end of this module the student will be able to:
Identify the User Management Objects and User Management Tasks.
Create, Modify, Delete User Groups, User Accounts and Permissions in NetAct.
Manage user groups' access to network views and Network Elements.
Create, Modify, Delete Network Element access Credentials.
Module Content
User Management in NetAct
User Group:
Permission: An object that describes the authority to perform certain operations.
Scope: A collection of definitions that limit the validity of the permissions to a certain area.
User Management in NetAct
User Management Objects: Scope and Network Views Scope
Enables the definition of a working scope for user groups and their users to control the monitoring scope dedicated to different groups.
Maintenance Region
User Management in NetAct
Exercise 1
Security Management Framework
List the User Management Objects and explain the functionality of each of them.
User Account Management
Create and modify user profiles and user accounts
Create and modify groups
Update user profiles
Update account passwords
Configure password policies
Unlock user account
Import and export of user and group data
User Account Management
NetAct application
These user accounts are used by WebSphere for user application authentication.
LDAP server administrator
This is the administrative account of the directory server, also known as LDAP Manager.
Oracle Database
These user accounts are used for accessing the Oracle database.
WebSphere Administrator
This user account is used for accessing WebSphere Application Server.
Linux OS (POSIX)
User Account Management
User Management Tool
User Account Management
Check box to: Modify, Delete, Activate/Deactivate
User Account Management
(1) Enter the user and login details.
(2) Select user group
Login details are listed after step 2
(3) Click on Create
User Account Management
Configuring Password Policy
Password policy is a set of rules that govern how the passwords are used in a given system.
User Management → Administration → Policy Configuration
User Account Management
Check box to: modify / delete group
User Account Management
Creating Primary Groups
User Account Management
Groups Management From Permission Manager
Create new secondary groups, explore user groups, related users and roles.
Assign users to or remove users from groups.
Manage scope of group-role combinations.
Display and manage group-role permissions.
User Account Management
User Management → Administration → Export Users and Permissions
User Account Management
User Management → Administration → Import Users and Permissions
XML template file available for download
Exercise 2
User Account Management
List the Tasks associated with the User Account Management and the tools required to execute them.
List the types of User Accounts available in NetAct system and explain the usage of each of them.
List the Active User Accounts in the system. Write down three of them indicating name of the user and corresponding login name.
Create a new user for yourself using your own first name, last name and email address. List the steps for executing this task.
Permission Management
Create, copy and modify roles.
Grant or revoke permissions to customized roles.
Associate and unassociate roles to groups.
Assign / unassign Scope to group-role combination.
Assign / unassign Network Views Scope to group-role combination.
Permission Management in NetAct comprises all the tasks required to assign Permissions and manage Roles and Scopes.
A user can be a member of multiple groups, and each group can have multiple roles associated with it.
Permission Management
[Figure labels: Create, Group, Assign]
Permission Management
Every role is either a default or a customized role.
Default roles are created by the system and they have default permissions.
Permissions are granted to roles and then roles are granted to groups.
Each group can have multiple roles granted to it.
Permission Management
The new role can be granted any combination of permissions
Permission Management
Copying a Role
The new customized role is created and is visible in the tree under Roles.
Right click to copy
Permission Management
Managing the Scope
To be able to edit the scope, a group must have a role and a role must have a group attached to it.
With the Scope Editor tool the user can assign Maintenance Regions and Network Elements as the scope.
Tools →Administration → Permission Management → Scope Editor
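The relationships described in this section (permissions granted to roles, roles granted to groups, users in several groups, scope assigned per group-role combination) can be modelled for an access review as shown here. This is an added example, not NetAct code: the group, role, permission, Maintenance Region and NE names are constructed, and treating a scope as limiting only the group-role combination it is assigned to is an assumption drawn from the slide text.

```python
# Added illustration: a minimal model of the group/role/permission/scope
# relationships from the slides. Not NetAct code; all names are constructed.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Scope:
    """Scope of one group-role combination: Maintenance Regions and/or single NEs."""
    regions: frozenset = frozenset()
    elements: frozenset = frozenset()

    def covers(self, ne, region_of):
        return ne in self.elements or region_of.get(ne) in self.regions

@dataclass
class Model:
    role_perms: dict = field(default_factory=dict)   # role -> set of permissions
    user_groups: dict = field(default_factory=dict)  # user -> set of groups
    grants: dict = field(default_factory=dict)       # (group, role) -> Scope
    region_of: dict = field(default_factory=dict)    # NE -> Maintenance Region

    def allowed(self, user, permission, ne):
        """Return the (group, role) pairs that let `user` use `permission` on `ne`."""
        hits = []
        for (group, role), scope in self.grants.items():
            if (group in self.user_groups.get(user, ())
                    and permission in self.role_perms.get(role, ())
                    and scope.covers(ne, self.region_of)):
                hits.append((group, role))
        return sorted(hits)

    def effective_access(self, user):
        """Audit view: every (permission, NE) the user can reach across all groups."""
        return {(p, ne)
                for perms in self.role_perms.values() for p in perms
                for ne in self.region_of
                if self.allowed(user, p, ne)}

def build_sample():
    m = Model()
    m.role_perms = {"monitor": {"view_alarms"}, "config": {"view_alarms", "change_params"}}
    m.region_of = {"BTS-1": "MR-NORTH", "BTS-2": "MR-NORTH", "BTS-9": "MR-SOUTH"}
    m.user_groups = {"alice": {"noc", "field_south"}, "bob": {"noc"}}
    m.grants = {
        ("noc", "monitor"): Scope(regions=frozenset({"MR-NORTH", "MR-SOUTH"})),
        ("field_south", "config"): Scope(elements=frozenset({"BTS-9"})),
    }
    return m
```

In the sample, alice holds the change permission only on BTS-9: the wide scope of her monitoring group does not widen the role granted through her second group.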
Permission Management
Assigning Network View Rights
The network view scope defines the set of view folders including their views that can be operated on by groups of users.
Tools → Administration → Permission Management → Network View Scope Editor
Exercise 3
Managing Permissions
List the tasks to execute in order to assign the correct permissions to the users and grant them access to network elements and network views.
What is the difference between a default role and a customized role? How could you modify a default role?
Working with the group created in the Exercise 2, assign roles/permissions and scopes to your group according to the trainer's instructions.
Modify your user and assign it to your new group.
Network Element Access Control (NEAC)
Service Type
The service type is an interface or protocol used to communicate with the network element. For example, FTP Access, FTAM Access, HTTP Access, etc.
Profile
The profile defines what commands a service user can provide for a managed object. For example, if you choose FTP Access as a service type, it supports the following profiles:
• FTP Read Access - The service user can perform only read operations in the system.
• FTP Write Access - The service user can perform both read and write operations in the system.
Group
The group refers to the application groups present in the system. For example, sysop, dba, etc. If the service user is associated with more than one group, click Several Groups to view the list of groups.
Service User
A service user is a managed object user account with an ID, password and authority profile. The user account is used by NetAct applications to access managed objects through a specific service type.
Network Element / MR
Network Element Access Control
Creating a Service User
Network Element Access Control
Modifying a Service User
Network Element Access Control
Provisioning of credentials from NetAct to network elements: Provisioning Status
Status: Description
Ongoing: Provisioning for service users has been started to all or a selected number of NEs in the corresponding maintenance region which support account provisioning. The provisioning is still ongoing.
Completed: All provisioning operations were successfully completed on all NEs in the corresponding maintenance region which support account provisioning. The network elements and the NEAC repository are in sync. Note: When new network elements are added to a maintenance region, the status of the service user is not changed: it remains completed. The new network elements can be seen in Details of latest Provisioning with status new. But no account has been created in these network elements. To create them, start provisioning again for the service user. The accounts will then be created on the new network elements.
Partly:
Network Element Access Control
Provisioning of credentials from NetAct to network elements: Provisioning Status
Status: Description
Failed: Provisioning operation for the service user has ended. Provisioning to all network elements failed. After solving potential network or configuration problems, restart provisioning for this service user again.
New: New service user who was never provisioned to the network before. To provision the credentials start provisioning for this new service
Modified: Modified service user. The password of this service user has been modified after the latest provision operation. The passwords on the network elements and in NEAC repository are different. Note: If the NE supports provisioning, then the new password defined in NEAC repository will only be activated after it has been successfully provisioned to the NE. The old password will still be used to connect to the NE as long as the provision status of the NE is modified or failed. To provision the new password to the network elements and to activate it, start provisioning for this service user again.
Not Supported:
Exercise 4
Network Elements Account Management
What is a Service User? What is the functionality of Service Users in NetAct and how do they interact with the Network Elements? What are the Service Types Associated to these users?
What is the purpose of the NEAC application? Is this functionality available for all network elements in the Network?
Create a new Service User for the type of network elements and service that your trainer indicates. Write down the parameters required for the creation of this Service User.
Working with the group created in the Exercise 2, grant this group the credentials created in the last step.