04 OS90514EN15GLA0 User Management

Content
1 User Management in NetAct
1.1 User Account Management
1.2 Permission Management
1.3 User Management Objects
1.4 Network Element Access
2 User Account Management
2.1 User Accounts and Groups Administration
2.2 User Account Administration
2.3 User Groups Administration
3 Permission Management
3.1 Permission Management Workflow
3.2 Managing Roles and Permissions
3.3 Scope Management
3.4 Network view scope management
4 Network Element Access Control
4.1 Network Element Credentials Management
4.2 Network Element Access Control GUI
4.3 Provisioning of credentials from NetAct to network elements
4.4 Network Element Access Control CLI
4.5 Centralized NE User Management
5 Appendix A: Default Roles and Permissions
5.1 Administration Roles and Associated Permissions
5.2 Fault Management Roles description
5.3 Configuration Management Roles description
5.4 Performance Management Roles description
5.5 Security Management Roles description
6 Appendix B: Application Permissions
6.1 Monitoring Applications Permissions
6.2 Configuration Management Application Permissions
6.3 Reporting Application Permissions
6.4 Security Configuration Application Permissions
7 Exercises
Exercise 1
Exercise 2
Exercise 3
Exercise 4

OS90514EN15GLA0
Copyright ©2015 Nokia Solutions and Networks.

1 User Management in NetAct


1.1 User Account Management


NetAct 15 uses its own user management tools. This covers both user account management
and user permission management.
Operators can manage user names and passwords locally in NetAct 15 with the web-based
User Management Tool. User access rights for NetAct applications are managed locally in
NetAct with the Permission Management tools (PEM), located in the NetAct Monitor
application desktop.

Fig. 1: User Account Management in NetAct 8

1.2 Permission Management


For managing user authority, NetAct has the Permission Management (PEM) application,
which provides the Group Explorer, Role Explorer, Scope Editor and Network View Scope
Editor. These provide graphical user interfaces to assign users and groups to defined roles,
to define the operations and workflows related to a user role, and to define the object scope
for users. An example of an operation is cancelling alarms on a given target object, such as
a certain network element or maintenance region.
The Permission Management application is located inside the NetAct Monitor Application
under the menu Tools → Administration.
Permission management is role-based, which means that interrelated permissions are
collected into a role, and the role is associated to a user group. Individual users get
authorities based on the group memberships.
Permission management includes two types of roles: default roles and application-specific
roles. Please note that the attributes of default roles cannot be modified with permission
management tools. The content of the default roles can be modified only during installation or
upgrade.

Fig. 2: Permission Management

• Group Explorer
• Role Explorer
• Scope Editor
• Network View Scope Editor

1.3 User Management Objects


Some important concepts related to Account Management and User Permission
Management are introduced below:

User Account
The User Account contains information about the user and the identification data that is used
for authenticating the user. A user account may also be collective, meaning that the same
account is used by several people.

User Group
A User Group is a collection of user accounts that is used for collective authorization but not
for authentication.

Permission
Permission is an object of authorization and a list of available operations for the object. The
permission describes the authority that a particular user has.

Role
A Role integrates a group of permissions which may be assigned to one or more user
groups.

Scope
The Scope represents a collection of definitions that limit the validity of the permissions to a
certain area. The area can be, for example, a Maintenance Region for Managed Objects, a
certain group of Managed Objects, or NetAct itself.
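
The following added example (not NetAct code and not part of the original training material) models how these five objects combine into one authorization decision: a request is allowed only if one of the user's groups holds a role whose permission covers the operation and whose scope contains the target's maintenance region. All group, role, scope and network element names are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Permission:
    """An object of authorization and the operations available on it."""
    object_type: str          # e.g. "alarm"
    operations: frozenset     # e.g. {"view", "cancel"}


@dataclass(frozen=True)
class Role:
    """A named collection of permissions."""
    name: str
    permissions: tuple


@dataclass(frozen=True)
class Scope:
    """Limits where a role is valid; modelled here as maintenance regions."""
    name: str
    regions: frozenset


class PermissionModel:
    def __init__(self, region_of):
        self.region_of = dict(region_of)   # network element -> maintenance region
        self.groups_of = {}                # login name -> set of group names
        self.grants = []                   # (group, Role, Scope) triples

    def add_user(self, login, groups):
        # The page requires every user to belong to at least one user group.
        if not groups:
            raise ValueError("a user must belong to at least one user group")
        self.groups_of[login] = set(groups)

    def grant(self, group, role, scope):
        # Roles are associated with groups, never with individual accounts.
        self.grants.append((group, role, scope))

    def explain(self, login, operation, object_type, element):
        """Return every (group, role, scope) that authorizes the request."""
        region = self.region_of.get(element)        # None for unknown elements
        groups = self.groups_of.get(login, set())   # empty for unknown users
        reasons = []
        for group, role, scope in self.grants:
            if group not in groups or region not in scope.regions:
                continue
            if any(p.object_type == object_type and operation in p.operations
                   for p in role.permissions):
                reasons.append((group, role.name, scope.name))
        return reasons

    def is_allowed(self, login, operation, object_type, element):
        # Default deny: no matching grant means no access.
        return bool(self.explain(login, operation, object_type, element))


def build_sample():
    """Constructed sample data: two regions, two roles, two users."""
    model = PermissionModel({"BSC-101": "MR-North", "BSC-202": "MR-South"})
    viewer = Role("Alarm Viewer", (Permission("alarm", frozenset({"view"})),))
    operator = Role("Alarm Operator",
                    (Permission("alarm", frozenset({"view", "cancel"})),))
    north = Scope("North scope", frozenset({"MR-North"}))
    whole = Scope("Whole network", frozenset({"MR-North", "MR-South"}))
    model.grant("fm_north", operator, north)
    model.grant("fm_all_view", viewer, whole)
    model.add_user("alice", ["fm_north", "fm_all_view"])
    model.add_user("bob", ["fm_all_view"])
    return model


if __name__ == "__main__":
    m = build_sample()
    for who, op, ne in [("alice", "cancel", "BSC-101"),
                        ("alice", "cancel", "BSC-202"),
                        ("bob", "cancel", "BSC-101")]:
        print(who, op, ne, m.is_allowed(who, op, "alarm", ne),
              m.explain(who, op, "alarm", ne))
```

The explain() output doubles as an access-review aid: it shows which group membership actually produced a given right, which is what has to be removed to revoke it.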

Fig. 3: User Management Objects

User Account: Information and identification data about the user.
User Group: A collection of user accounts used for collective authorization.
Permission: An object that describes the authority to perform certain operations.
Role: A collection of permissions assigned to specific user groups.
Scope: A collection of definitions that limit the validity of the permissions into a certain area.

Fig. 4: User Management Objects: Scope and Network Views Scope

Enables the definition of a working scope for user groups and their users to
control the monitoring scope dedicated to different groups.
(Diagram labels: Group I, Group II, Network Assurance Scope I, Network Assurance Scope II,
Maintenance Region I, Maintenance Region II)

Maintenance Region
Consists of a group of network elements and their subordinate managed objects, which
are managed by a certain part of an organization. In other words, a maintenance region
represents a maintenance domain.

1.4 Network Element Access


Network element access is primarily the management of network element credentials. The
purpose is to enhance the security of network element access and to ensure its availability.
Network element credentials are managed with the Network Element Access Control (NEAC)
tool. The current version of the tool does not support automatic provisioning of network
element credentials to network elements. They need to be provisioned manually to network
elements after their creation.
Likewise, if network elements are removed from the network, or network element
credentials in network elements are manually removed, it is recommended to delete unused
network element credentials using the Credential management option: Delete credentials.
Modification of network element credentials is not supported yet. As a workaround you can
delete and re-create network element credentials.
Random generation of network element credentials is part of granting a service to a group.
For instructions, see Granting a service to a group.

Fig. 5: Network Element Access

2 User Account Management


2.1 User Accounts and Groups Administration


User account management in NetAct 15 provides functionality for monitoring, managing and
administering users and groups. With the User Management component, the user
administrator can perform the following actions:
• Create and modify user profile
• Create and modify user account
• Create and modify group
• Associate and unassociate account to group
• Update user profiles
• Update account passwords
• Configure password policies
• Unlock user account
• Activate and deactivate user accounts
• Import and export of user and group data
The user account repository is the Red Hat Directory Server (LDAP), where the account
information is stored in an encrypted format.

2.1.1 User Account Types


Type of User                   Definition
NetAct Application User        These user accounts are used by WebSphere for user application authentication.
LDAP Server Administrator      This is the administrative account of the Directory Server, also known as LDAP Manager.
Oracle Database User           These user accounts are used for accessing the Oracle Database.
WebSphere Administrator        This user account is used for accessing the WebSphere Application Server.
Linux OS User (POSIX user)     These accounts are used, for example, by the HTTP and LDAP processes to access the Linux Operating System.


2.2 User Account Administration


User account administration is done using the NetAct User Management tool. It is a web-based
management system and is located on the NetAct Start Page under Security → User
Management. It may also be accessed directly at: https://<hostname>/SecurityManagement.

2.2.1 Listing and Modifying Users


As an administrator, you can get a list of created users using the List Users web interface.
In the List Users page, the table contains information such as First name, Last name, Email,
Login Names and Status. Select the checkbox to the left of a user's name to perform the
following operations:
• Delete: Delete the selected user or users.
• Activate: Activate the selected user or users.
• Deactivate: Deactivate the selected user or users.
Note: All these operations pop up a confirmation window before performing the actual
task. The List Users page shows a maximum of twenty users per page. Using the icons, you
can navigate to the first page, previous page, next page and last page.
To modify the user information:
1. Select a user in the List Users page using the check box.
2. Click on the Modify button.
3. The Edit User page appears.
4. Make the required changes in user details and group membership. Select Save.
5. The changes made are saved.

Fig. 6: User Management Tool

Fig. 7: Listing Users (User Management Operations → Users → List Users)
Check box to: Modify, Delete, Activate/Deactivate

2.2.2 Creating New Users


The user administrator can create users using the New User web interface. To create a user,
in the New User page, enter the details in Personal Details and Login Profile Details tab.
It is mandatory for the user to be a part of at least one user group. You can select one or
more groups from Available Groups. The user will become a member of the selected
group(s). The first selected group is set as Primary Group.
By checking the options available in the Login Profile Details section of the New User page,
you can set the following actions for a user:
• Ensure that the user changes the password at first login
• Provide permission for the user to change the password
• Ensure that the user cannot change the password
To Create the User Profile


1. Enter First name, Last name and Email id in the Basic tab under Personal details. Email id
is an optional field.
Note:
• While creating a user, spaces before or after the First name and Last name are omitted.
• The maximum number of allowed characters is 64.
• The maximum number of allowed characters in Email id is 100.
2. Select the Additional tab under Personal details.
Enter Employee id, Mobile phone, Business phone, Fax, Address line1, Address line2
and Address line3. These are optional fields.
Note:
• The maximum number of allowed characters in Employee id is 20.
• The maximum number of allowed characters in Mobile phone, Business phone and Fax
is 26.
• The maximum number of allowed characters in Address line1, Address line2 and Address
line3 is 100.
3. Click Create.
This creates a new user profile and displays it in the List Users page.

TIP
The Clear button under the Login profile details section clears the login profile information.
The Clear button at the end of the New User page clears all the information in the page.


To create the Login Profile (a user can also exist without a login profile):
1. Enter Login Name, Password and Confirm password.
According to the default password policy settings, a password should have a minimum
length of eight characters, which includes at least two letters, one numeric, three
consecutive digits or letters and one special character other than #, $, *, / and @.
Note:
You can use the Policy configuration page to change the password policy settings.
2. Select the desired group from Available groups to associate a login profile with that
group.
The login profile becomes a member of the selected group.
Note:
• The local user has to be associated with the local group, which means that the association
of an Integrated Regional Cluster group to a local user cannot be processed.
• In an integrated system (NetAct+regional cluster), the groups that belong to the regional
cluster are marked with an asterisk, for example nx2sgrp*.
3. Click Add.
This adds a login profile under the Login details section.
4. Click Create.
The login profile is stored in the system.

TIP
Select a login profile under Login details to perform the following operations:
• Click Delete to delete the login profile from the system.
• Click Modify to update the login profile details.

Fig. 8: Creating Users (User Management Operation → Users → List Users → New)
(1) Enter the user profile details and login details.
(2) Select user group. Login details are listed after step 2.
(3) Click on Create.

2.2.3 Configuring Passwords Policy


Password policy is a set of rules that govern how passwords are used in a given system.
The password policy mechanism allows you to dictate such things as the minimum length of
a password, whether users can reuse passwords, and so on.

WARNING
The changes made using this page will only be applicable for new passwords.

Password syntax policy


Using this section, you can define the syntax policy. The password syntax-checking
mechanism ensures that the password strings conform to the password syntax guidelines
established by the password policy.

Password expiry policy


You can set your policy so that passwords expire after a given amount of time. If this policy is
set, the users get a warning before their passwords expire.

Password history policy


You can set password policy to enable password history. The directory stores a specific
number of old passwords. If a user attempts to reuse one of the passwords stored in the
server, the password will be rejected. This feature prevents users from reusing old
passwords that are easy to remember. The password history for a particular user account is
managed here.

Account lockout policy


The lockout policy works in conjunction with the password policy to provide further security.
The account lockout feature protects against hackers who try to break into the directory by
repeatedly trying to guess a user password.

Password storage scheme


The password storage scheme is the type of encryption. SHA (Secure Hash Algorithm) is the
default UNIX-style encryption. You can select any of the other schemes from the drop-down
menu. Select Apply to save the new password policy configuration, or Clear to reset the
rules.
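
The following added example (not NetAct or Directory Server code and not part of the original material) shows how the history, lockout and storage policies interact. It assumes the LDAP-style salted SHA-512 encoding ({SSHA512}: base64 of digest followed by salt); the history size, failure threshold and lockout duration are constructed values, not NetAct defaults.

```python
import base64
import hashlib
import hmac
import os
from collections import deque

SCHEME = "{SSHA512}"          # assumed storage scheme for this example
DIGEST_LEN = 64               # SHA-512 digest size in bytes


def hash_password(password, salt=None):
    """Encode a password as SCHEME + base64(sha512(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha512(password.encode("utf-8") + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")


def verify_password(password, stored):
    """Re-hash with the stored salt and compare in constant time."""
    if not stored.startswith(SCHEME):
        return False
    try:
        raw = base64.b64decode(stored[len(SCHEME):], validate=True)
    except ValueError:
        return False
    if len(raw) <= DIGEST_LEN:
        return False
    digest, salt = raw[:DIGEST_LEN], raw[DIGEST_LEN:]
    candidate = hashlib.sha512(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


class Account:
    def __init__(self, password, history_size=2, max_failures=3,
                 lockout_seconds=600):
        # Constructed policy values for illustration only.
        self.current = hash_password(password)
        self.history = deque(maxlen=history_size)   # newest old hash first
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.failures = 0
        self.locked_until = 0.0

    def change_password(self, new_password):
        # Salted hashes cannot be compared directly: the candidate must be
        # verified against each stored entry using that entry's own salt.
        for old in [self.current, *self.history]:
            if verify_password(new_password, old):
                raise ValueError("password is in the password history")
        self.history.appendleft(self.current)
        self.current = hash_password(new_password)

    def login(self, password, now):
        """Return 'ok', 'denied' or 'locked'. `now` is a timestamp in seconds."""
        if now < self.locked_until:
            return "locked"          # even the correct password is refused
        if verify_password(password, self.current):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= self.max_failures:
            self.locked_until = now + self.lockout_seconds
            self.failures = 0
            return "locked"
        return "denied"

    def unlock(self):
        """Administrator action corresponding to 'Unlock user account'."""
        self.locked_until = 0.0
        self.failures = 0


if __name__ == "__main__":
    acct = Account("Spring-2015a")
    print([acct.login("guess", now=t) for t in (0, 1, 2)])
    print(acct.login("Spring-2015a", now=3), acct.login("Spring-2015a", now=700))
```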

Fig. 9: Configuring Passwords Policy (User Management Operations → Administration → Policy Configuration)
Password policy is a set of rules that govern how the passwords are used in a given system.

2.2.4 Changing Passwords for Application Users


Any logged-in user can change his or her own password from the Change Password page in
the User Management Web Interface.

To change the password, select User Management → Administration → Change password.

TIP
Use the Password Change tool to change the password of wassrvid.

1. In the Change Password page, enter the New password.
2. Enter the same password in the Confirm password field.
3. Select Save.
The password will be reset.
4. Select Cancel to reset the information.

WARNING
The password should adhere to the current password policies.

[Fig. 10: Changing Password. User Management Operations → Administration → Change Password. Slide note: The new password must adhere to the current password policies.]

2.2.5 Changing Passwords for System Users and “omc” and “neac” database users


The passwords for the following users are changed using the password tool
/opt/nokia/oss/bin/password-tool.sh.
• omc (application user)
• omc (database user)
• ruim_admin (LDAP user)
• system (database user)
• wassrvid (WebSphere application server admin user)
• neac (database user)

The password tool uses a script that changes the passwords in User Management, System
Credential Access (SCA) and Oracle DB and data sources. For wassrvid user, this script
updates the WAS configuration files.

TIP
The password tool can be invoked with either the omc or the root user account.

To change the password, execute the command with a valid account name and
password.
[omc]$ /opt/nokia/oss/bin/password-tool.sh <account_name> <old_password> <new_password> <type>

Where <account_name> is the name of the user account and <new_password> is the
changed password. <old_password> is the existing password, which is optional.
If you provide the old password, you can restore it in case of any failure.
<type> is the kind of user. For the omc user, the type is either db or appserv, and for the
cn=system_credential_access, and cn=config user, the type is ldapAdmin. This entry is
mandatory for the omc and cn=system_credential_access, cn=config users.


2.3 User Groups Administration


Group management enables the collection of users into groups based on, for example, real-life
organizations, operational responsibilities, or technical permissions. The Group
Explorer tool is used to manage user groups.
Every group is either a default group, a customized group, or a power group.
• Default groups are created by the system and they cannot be deleted.
• Power groups have full permissions and the global scope.
Every user belongs to one primary group and can also belong to any number of secondary
groups.
A primary group is an attribute of a user account (posixAccount). This means that
primary group memberships cannot be deleted through permission management, as the
primary group attributes are part of a user account and not part of a user group. The
permission management tools can show all group memberships, including the primary group
memberships. Primary group memberships are usually managed with the NetAct User
Management web interface.
A secondary group is an attribute of a user group (posixGroup). A user can belong to one or
several secondary groups. You can add users to secondary groups by using the editing
dialogs which can be launched from the Group Explorer tool.
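The difference between the two kinds of membership matters in an access review, as this added example shows (it is not NetAct code). It assumes the directory follows the standard RFC 2307 layout, where gidNumber on the posixAccount names the primary group and memberUid on the posixGroup lists secondary members; the accounts and groups are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class PosixAccount:
    uid: str
    gid_number: int  # gidNumber: primary group, stored on the user account


@dataclass
class PosixGroup:
    cn: str
    gid_number: int
    member_uid: set = field(default_factory=set)  # memberUid: secondary members


def memberships(uid, accounts, groups):
    """Map each group the user belongs to onto the kinds of membership held."""
    account = accounts[uid]
    result = {}
    for group in groups.values():
        kinds = []
        if group.gid_number == account.gid_number:
            kinds.append("primary")
        if uid in group.member_uid:
            kinds.append("secondary")
        if kinds:
            result[group.cn] = kinds
    return result


def effective_members(cn, accounts, groups):
    """All users in a group: memberUid entries plus accounts whose primary
    group it is. Reading memberUid alone misses the second set."""
    group = groups[cn]
    primary = {a.uid for a in accounts.values()
               if a.gid_number == group.gid_number}
    return primary | set(group.member_uid)


def remove_secondary(uid, cn, groups):
    """Drop the memberUid entry, which is what a group-side edit can change.
    The account's gidNumber is untouched."""
    groups[cn].member_uid.discard(uid)


def review_removal(uid, cn, accounts, groups):
    """Remove the user from the group and report whether access remains."""
    remove_secondary(uid, cn, groups)
    still = uid in effective_members(cn, accounts, groups)
    return "still a member via primary group" if still else "removed"


def sample_directory():
    """Constructed accounts and groups for the demonstration."""
    accounts = {
        "alice": PosixAccount("alice", 2001),
        "bob": PosixAccount("bob", 2002),
    }
    groups = {
        "operators": PosixGroup("operators", 2001, {"alice", "bob"}),
        "fm_team": PosixGroup("fm_team", 2002, {"alice"}),
    }
    return accounts, groups


if __name__ == "__main__":
    accounts, groups = sample_directory()
    print(memberships("alice", accounts, groups))
    print("bob/operators:", review_removal("bob", "operators", accounts, groups))
    print("alice/operators:", review_removal("alice", "operators", accounts, groups))
```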

2.3.1 Listing, Modifying and Deleting Groups


As an administrator, you can get the list of created groups using the List Group web interface. In
the List Groups page, the table contains the group name and group description. To delete a group,
select the checkbox to the left of the group name and click Delete.
The maximum number of users in a list group page is 20. Using the pagination icons, you
can navigate to the first page, previous page, next page and last page.


Listing Groups Page


The List Groups page lists all the groups present in the database. Use the List Groups page to
perform the following operations.
• Create a new group: Use the New group page to create a new group. To access the New group
page, click the New button under the list of groups in the List groups page.
• Modify group information: Use the Update group details page for modifying the group
information. To access the Update group details page, click the Modify button after selecting
the group to be modified in the List groups page.
• Delete a group: To delete a group, select the group to be deleted and click the Delete button at
the end of the List groups page.
• Filter groups: To filter the groups by group name, enter the first letter of the group name
in the field under group name.

Modifying group information


To edit the group information:
1. Select the group by using the check box to the left of Group Name in the List Groups
page.
2. Click on the Modify button. The Update Group Details page is displayed.
3. Make changes in group description and users associated with the group.
4. Select Save. This saves the changes to the group.
TIP
If the changes are not required, select Cancel.

Deleting groups
To delete a group, go to List Group page:
1. Select one or more groups by ticking the check box on the left of the group name.
2. Select Delete. A dialog box is displayed to confirm the deletion.

[Fig. 11: Listing Groups. User Management Operations → Groups → List Groups. Slide note: Check box to modify / delete group.]

2.3.2 Creating Groups


While it is also possible to create user groups via Group Explorer in NetAct Monitor, primary
groups are generally created via the New Group web interface.

2.3.3 Primary Group Creation


To create a group:
1. Enter the following information in the Basic Details section in the New Group page:
• Group Name: A unique identifier for the group. The number of characters should not be
more than 64. It should not contain special characters such as +, =, ?, ;, ", /, <, >, and #.
• Group Description: The description for the group should not be more than 250 characters.
2. Define the users associated to the group using the Associate Users section.
The selected user(s) will be associated to the group.
3. Click on the Create button.
The New Group web interface lists Available users. You can select one or more users and
Add them to Selected users to define the users associated to the group. Select Clear if the
basic details entered are incorrect. When a group is successfully created, a confirmation
message is displayed.

[Fig. 12: Creating Primary Groups. User Management Operations → Groups → List Groups → New. Slide notes: (1) Enter group details, (2) Select users, (3) Click on Create.]

2.3.4 Secondary Groups Management


While it is also possible to create user groups via the New Group web interface, secondary
groups are generally created via Group Explorer in NetAct Monitor.
To start Group Explorer, open NetAct Monitor and select Tools → Administration →
Permission Management → Group Explorer.

Creating a new group


You can create a new group using the Create New Group dialog in the Group Explorer.
1. Go to Group Explorer.
• Select File → New → User Group...
• Alternatively, right-click the Groups item in the tree and select Create New Group...
The New Group dialog opens.
2. Enter the name of the new group in the Name field. The maximum length of the group name
is 32 characters. Valid characters are a-z, A-Z and 0-9. No special characters are
allowed.
3. Click Finish.
The new customized group is created and visible in the tree under Groups.

Adding users to a group


You can add users to a group in the Group Explorer Add/Remove Users to Group dialog.
The users need to exist already. They cannot be created using these permission
management tools.
1. Go to Group Explorer.
2. Right-click a group name or icon in the tree and select Add/Remove Users to Group...
• The Add/Remove Users to Group dialog opens.
• The available users are shown in the Available list box.
3. Select the user you want to add to the group.
To select several users, press and hold down CTRL and click each desired user.
4. Click the move right arrow icon.
• The user is added to the Selected list box.
• To add all users to the group, click the move all right arrow icon.
5. Click OK.
The users have been added to the group.


Removing users from a group


You can remove users from a group in the Group Explorer Add/Remove Users to Group
dialog.
1. Go to Group Explorer.
2. Right-click a group name or icon in the tree and select Add/Remove Users to Group...
The Add/Remove Users to Group dialog opens.
The selected users (group members) are shown in the Selected list box.
3. Select the user(s) you want to remove from the group.
4. To select several users, press and hold down CTRL and click each desired user.
5. Click the move left arrow icon.
The user is added to the Available list box.
To remove all users from the group, click the move all left arrow icon.
6. Click OK.
The users have been removed from the group.

Deleting a group
You can delete groups in the Group Explorer Delete Group dialog.
1. Go to Group Explorer.
2. Right-click a group name or icon in the tree and select Delete Group...
The Confirmation dialog opens.
When the group has roles or users attached, a warning is shown before you can delete
the group.
3. Click OK.
The group has been deleted and removed from the tree.

[Fig. 13: Groups Management From Permission Manager. Slide notes:
• Create new secondary groups, explore user groups, related users and roles.
• Assign users to or remove users from groups.
• Manage scope of group-role combinations.
• Display and manage group-role permissions.]

2.3.5 Exporting Users, Groups and Permissions


In NetAct 15 it is possible to export the currently created groups, users and permissions in
bulk.
Select User Management → Administration → Export Users and Permissions. Save the
exported file.
The exported file is in XML format and does not include the user passwords.

WARNING
The default NetAct users omc, wassrvid, ruim_admin, oracle, system and
administrator are not exported.

[Fig. 14: Exporting Groups, Users and Permissions. User Management Operations → Administration → Export Users and Permissions.]

2.3.6 Import Users, Groups and Permissions


In NetAct 15 it is possible to import a previously exported file with groups, users and
permissions in bulk.

To import:
Select User Management → Administration → Import Users and Permissions.

TIP
The import file is in XML format. The administrator can define a
default password for all imported users. For details on the structure of the input XML file,
the administrator can download the template from the same import page.

[Fig. 15: Importing Groups, Users and Permissions. User Management Operations → Administration → Import Users and Permissions. Slide note: XML template file available for download.]

3 Permission Management


3.1 Permission Management Workflow


Permission Management in NetAct comprises all the tasks required to assign
Permissions and manage Roles and Scopes.
A role defines the operations a user can perform for managed objects. In other words, a role
is a set of permissions, and it can be limited by scope (specific maintenance regions and
network elements).
Permission management is role-based, which means that permissions are associated to
roles and the roles are then associated to groups. No roles are directly associated to users. A
user can be a member of multiple groups, and each group can have multiple roles associated
to it. Roles are managed by using the Role Explorer tool.
There are two types of roles: default roles and customized roles. Default roles are created by
the system and have default permissions. Default roles cannot be changed, that is, you
cannot grant or revoke the permissions associated with default roles with the Permission
Management tools. The only way to change default roles is by using the PEM adaptation
deployment feature in the NetAct SDK. If there is a need to create new roles, that is,
customized roles, these can be created with the Role Explorer tool.
To start Role Explorer, open NetAct Monitor and select Tools → Administration →
Permission Management → Role Explorer.
For more information, see Permission Management Online Help.

Permission Management Main Steps:


1. Create group – user groups can be created either by using the User Management Web
interface or the Group Explorer in NetAct Monitor.
2. Assign users to group – this is done with the User Management Web Interface or using
the Group Explorer application.
3. Assign roles to group – this is done using Role Explorer in NetAct Monitor.
4. Define scope – this is done using Scope Editor in NetAct Monitor.
5. Assign network view rights to group – this is done using Network View Scope Editor in
NetAct Monitor.
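The role-based model and the workflow above can be checked mechanically, as in this added example (not NetAct code, and not its data model): it resolves which permissions a user holds on a network element and through which group and role. All role, permission, group and element names, and the "*" marker for the global scope, are constructed for the illustration.

```python
GLOBAL = "*"  # stands for the global scope (marker chosen for this example)

# Constructed sample data; role, permission, group and element names are
# hypothetical and do not come from NetAct.
ROLE_PERMISSIONS = {
    "fm_viewer": {"alarm.view"},
    "fm_operator": {"alarm.view", "alarm.ack"},
    "cm_custom": {"plan.provision"},
}
DEFAULT_ROLES = {"fm_viewer", "fm_operator"}  # system-created, read-only
GROUP_MEMBERS = {
    "noc_north": {"alice", "bob"},
    "planning": {"bob"},
    "sysadmins": {"carol"},
}
POWER_GROUPS = {"sysadmins"}  # full permissions and the global scope
# (group, role, scope): scope is GLOBAL or a set of network elements.
ASSIGNMENTS = [
    ("noc_north", "fm_operator", {"BSC-N1", "BSC-N2"}),
    ("noc_north", "fm_viewer", GLOBAL),
    ("planning", "cm_custom", {"BSC-S1"}),
]


def groups_of(user):
    """Groups the user is a member of."""
    return {g for g, members in GROUP_MEMBERS.items() if user in members}


def access_paths(user, element):
    """List (group, role, permission) triples that apply to user on element.
    Users never hold a role directly; every path runs through a group."""
    paths = []
    user_groups = groups_of(user)
    for group in sorted(user_groups & POWER_GROUPS):
        # "Full permissions" is modelled as every permission any role defines.
        everything = set().union(*ROLE_PERMISSIONS.values())
        paths += [(group, "<power group>", p) for p in sorted(everything)]
    for group, role, scope in ASSIGNMENTS:
        in_scope = scope == GLOBAL or element in scope
        if group in user_groups and in_scope:
            paths += [(group, role, p) for p in sorted(ROLE_PERMISSIONS[role])]
    return paths


def effective_permissions(user, element):
    """Union of the permissions from all applicable group-role assignments."""
    return {perm for _, _, perm in access_paths(user, element)}


def explain(user, permission, element):
    """Which group/role pairs give the user this permission on the element."""
    return [(g, r) for g, r, p in access_paths(user, element) if p == permission]


def grant(role, permission):
    """Add a permission to a customized role; default roles are refused."""
    if role in DEFAULT_ROLES:
        raise PermissionError("default role %r cannot be changed" % role)
    ROLE_PERMISSIONS[role].add(permission)


if __name__ == "__main__":
    for user, element in [("alice", "BSC-N1"), ("alice", "BSC-S1"),
                          ("bob", "BSC-S1"), ("carol", "BSC-S1")]:
        print(user, element, sorted(effective_permissions(user, element)))
    print(explain("alice", "alarm.view", "BSC-N1"))
```

The explain() output is the useful part for a review: revoking one role from a group does not remove a permission that another role or group still grants.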

[Fig. 16: Permission Management Workflow. User accounts have previously been created. (1) Create Group and (2) Assign Users to Group in Group Explorer; (3) Assign Roles to Group in Role Explorer; (4) Define Scope in Scope Editor; (5) Assign Network View rights to group in Network View Scope Editor.]

3.2 Managing Roles and Permissions


The default roles are grouped based on the TMN management function set groups, FCAPS. The
Telecommunications Management Network (TMN) is a protocol model defined by the
International Telecommunication Union (ITU) for managing open systems in a
communications network. FCAPS refers to Fault management (FM), Configuration
management (CM), Accounting management (AM), Performance management (PM) and
Security Management (SM). The default roles are a static part; you cannot modify the
attributes of the default roles. The content of the default roles can be modified only during the
installation and upgrade of the system, and not with the Permission Management tools.

[Fig. 17: Permission Management, Roles and Permissions. Slide notes: Every role is either a default or a customized role. Default roles are created by the system and they have default permissions. Permissions are granted to roles and then roles are granted to groups. Each group can have multiple roles granted to it.]

3.2.1 Assigning a role to one or more groups


You can assign a role to one or more groups in the Role Explorer Assign/Remove Role to
Groups dialog.
1. Go to Role Explorer.
2. Right-click a role name or icon in the tree and select Assign/Remove Role '<rolename>'
to Groups...
The Assign/Remove Role to Groups dialog opens.
The available groups are shown in the Available list box.
3. Select the group to which you want to assign the role.
4. To select several groups, press and hold down CTRL and click each desired group.
5. Click the move right arrow icon.
The group is added to the Selected list box.
6. To assign the role to all groups, click the move all right arrow icon.
7. Click OK.
The role has been assigned to the group(s).
TIP
You can assign multiple roles to a group in the Group Explorer Assign/Remove
Roles to Group dialog.

3.2.2 Removing a role from one or more groups


You can remove a role from one or more groups in the Role Explorer Assign /Remove Role
to Groups dialog.
1. Go to Role Explorer.
2. Right-click a role name or icon in the tree and select Assign/Remove Role '<rolename>'
to Groups...
The Assign/Remove Role to Groups dialog opens.
The assigned groups are shown in the Selected list box.
3. Select the group from which you want to remove the role.
To select several groups, press and hold down CTRL and click each desired group.
4. Click the move left arrow icon.
The group is added to the Available list box.

Fig. 18: Permission Management - Assigning Roles to a Group

3.2.3 Showing permissions for a default role


You can show the permissions for a default role in the Role Explorer Permissions for Role
dialog.
1. Go to Role Explorer.
2. Right-click a default role name or icon in the tree and select Show Permissions for
Role...
The Permissions for Role dialog opens.
If the role does not have any permissions, the Information dialog opens with the
message Role has no permissions granted.

3.2.4 Granting permissions to a role


You can grant permissions to a role in the Role Explorer Grant/Revoke Permissions to
Role dialog.
1. Go to Role Explorer.
2. Right-click a role name or icon in the tree and select Grant/Revoke Permissions to
Role...
The Grant/Revoke Permissions to Role dialog opens.
3. Select the context root from the Select Context Root drop-down list.
The permission objects for the selected context root are displayed in the Available
Permission Objects list box.
The Show All check box is a filter for the permissions as follows:
• Selected: All permissions added to the role are shown.
• Unselected: Only the permissions for the selected context root are shown.
4. Select a permission object from the Available Permission Objects list box.
5. Select a permission operation from the Available Permission Operations of the Selected
Object list box.
To select several permission operations, press and hold down CTRL and click each
desired operation.
6. Click the move right arrow icon.
The permission is added to the Selected Permissions list box.
7. Click OK.
The selected permissions have been granted to the role.

Fig. 19: User Management - Granting Permissions to a Role

3.2.5 Revoking permissions from a role


You can revoke permissions from a role in the Role Explorer Grant/Revoke Permissions to
Role dialog.
1. Go to Role Explorer.
2. Right-click a role name or icon in the tree and select Grant/Revoke Permissions to
Role...
The Grant/Revoke Permissions to Role dialog opens.
3. Select the context root from the Select Context Root drop-down list.
The Show All check box is a filter for the permissions as follows:
• Selected: All permissions added to the role are shown.
• Unselected: Only the permissions for the selected context root are shown.
4. Select the permission you want to remove from the Selected Permissions list box. To
select several permissions, press and hold down CTRL and click each desired
permission.
5. Click the move left arrow icon.
The removed permission is added to the available permission objects and operations.
6. Note that to see available operations, you must have a permission object selected in the
Available Permission Objects list box.
7. Click OK.
The selected permissions have been revoked from the role.

3.2.6 Creating a new role


You can create a new role in the Role Explorer Create New Role dialog.
1. Go to Role Explorer. Select File > New > Role...
2. Alternatively, right-click the Roles item in the tree and select Create New Role....
3. New Role Wizard opens.
4. Enter the details for the new role.
• Enter an ID for the role in the ID field.
The maximum length of the role ID is 32 characters. Valid characters are a-z, A-Z,
0-9, space, and underscore '_'.
The ID is mandatory and must be unique.
• Enter a presentation for the role in the Presentation field.
The presentation is the name of the role in the user interface.
The presentation is optional.
• Enter a short description for the role in the Description field.
The description is optional.
5. Click Finish.
The new customized role is created and visible in the tree under Roles.

Fig. 20: Permission Management - Creating a new Role
New roles can be created with the Create New Role dialog. The new role can be granted
any combination of permissions. Right-click to create a new role.

3.2.7 Deleting a role


You can delete a role in the Role Explorer Delete Role dialog.
1. Go to Role Explorer.
2. Right-click a role name or icon in the tree and select Delete Role...
The Confirmation dialog opens.
TIP
When the role has groups attached, a warning is shown before you can delete
the role.
3. Click OK.
The role has been deleted and removed from the tree.

3.2.8 Copying a role


You can copy the permission bindings from an existing role to a new role in the Copy Role
dialog.
1. Go to Role Explorer.
2. Right-click a role name or icon in the tree and select Copy Role...
Copy Role Wizard opens.
3. Enter the details for the new role.
• Enter an ID for the role in the ID field.
The maximum length of the role ID is 32 characters. Valid characters are a-z, A-Z,
0-9, space, and underscore '_'.
The ID is mandatory and must be unique.
• Enter a presentation for the role in the Presentation field.
The presentation is the name of the role in the user interface.
The presentation is optional.
• Enter a short description for the role in the Description field.
The description is optional.
4. Click Finish.
The new customized role is created and is visible in the tree under Roles. The new role has
the same permission bindings as the original role.

Fig. 21: Permission Management - Copying a Role
The permission bindings from an existing role can be copied to a new role. Right-click
to copy. The new customized role is created and is visible in the tree under Roles.

3.3 Scope Management


With Scope Editor you can define the scope for a user group and role pair.
Users have permissions defined by their group membership and the roles that the groups
have. Network elements are grouped into a maintenance region based on location or
functionality. A scope defines a maintenance region, or selected network elements in that
region, on which a user group with a certain role is allowed to perform operations.
If a group and role pair has no scope specified, only scope-independent operations are
allowed for that user group and role.
With Scope Editor you can perform the following scope management tasks:
• Add a scope to group-role combinations
• Remove a scope from group-role combinations
• Refresh the scope

You can access Scope Editor either from the Explorer tools or from the Desktop menu bar.
To open Scope Editor, you need to be an authorized user with the PEMGUI - LAUNCH
permission. The same permission is required for performing any operations provided by the
tool.
You can open Scope Editor in three ways:
• From Group Explorer by right-clicking a role and selecting Add/Remove Scope
• From Role Explorer by right-clicking a group and selecting Add/Remove Scope
• From the Desktop menu bar by selecting Tools > Administration > Permission
Management > Scope Editor.
In trees and tables, the presentation of each maintenance region and network element is
displayed. If the presentation is not defined, the distinguished name is displayed instead.

WARNING
To be able to edit the scope, a group must have a role and a role must have a
group attached to it.
When groups or roles are added or removed, or group-role associations are changed,
with Group Explorer or Role Explorer, the changes are not automatically shown in
Scope Editor. Use the Reload button on the top right of the tool to update the Group
and role selection drop-down lists.
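
The scope rules above can be checked mechanically when reviewing who may act on which network elements. The following Python sketch is an added example, not NetAct code: it evaluates scope per group-role pair, limits a pair without scope to scope-independent operations, and lists such pairs for review. All user, group, role, permission and element names are constructed, and flagging each permission as scope-dependent or not is an assumption of the sketch.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Permission:
    obj: str               # permission object
    operation: str         # permission operation
    scope_dependent: bool  # assumption of this sketch: flagged per permission


@dataclass
class AccessModel:
    user_groups: dict = field(default_factory=dict)  # user -> {group}
    group_roles: dict = field(default_factory=dict)  # group -> {role}
    role_perms: dict = field(default_factory=dict)   # role -> {Permission}
    mr_members: dict = field(default_factory=dict)   # maintenance region -> {NE}
    scopes: dict = field(default_factory=dict)       # (group, role) -> {MR or NE}

    def scoped_nes(self, group, role):
        """Expand the scope of ONE group-role pair into a set of NEs."""
        nes = set()
        for unit in self.scopes.get((group, role), ()):
            # An MR expands to its member NEs; anything else is a single NE.
            nes |= self.mr_members.get(unit, {unit})
        return nes

    def authorizing_pairs(self, user, obj, operation, ne=None):
        """Return the (group, role) pairs that allow the operation on the NE."""
        pairs = []
        for group in sorted(self.user_groups.get(user, ())):
            for role in sorted(self.group_roles.get(group, ())):
                for perm in self.role_perms.get(role, ()):
                    if (perm.obj, perm.operation) != (obj, operation):
                        continue
                    # Scope is looked up for this pair only: the scope of
                    # another role held by the same group does not count.
                    if not perm.scope_dependent or ne in self.scoped_nes(group, role):
                        pairs.append((group, role))
                        break
        return pairs

    def pairs_without_scope(self):
        """Pairs whose role holds scope-dependent permissions but has no scope."""
        findings = []
        for group, roles in sorted(self.group_roles.items()):
            for role in sorted(roles):
                perms = self.role_perms.get(role, ())
                if any(p.scope_dependent for p in perms) and not self.scoped_nes(group, role):
                    findings.append((group, role))
        return findings


# Constructed sample data (not taken from a real system).
SAMPLE = AccessModel(
    user_groups={"alice": {"radio_ops"}, "bob": {"auditors"}},
    group_roles={"radio_ops": {"FM_Operator", "CM_Engineer"},
                 "auditors": {"FM_Operator"}},
    role_perms={
        "FM_Operator": {Permission("Alarm", "ACK", True),
                        Permission("Monitor", "LAUNCH", False)},
        "CM_Engineer": {Permission("Plan", "PROVISION", True)},
    },
    mr_members={"MR-North": {"BTS-1", "BTS-2"}, "MR-South": {"BTS-9"}},
    scopes={("radio_ops", "FM_Operator"): {"MR-North"},
            ("radio_ops", "CM_Engineer"): {"BTS-9"}},
)

if __name__ == "__main__":
    print(SAMPLE.authorizing_pairs("alice", "Alarm", "ACK", "BTS-1"))
    print(SAMPLE.authorizing_pairs("alice", "Alarm", "ACK", "BTS-9"))
    print(SAMPLE.pairs_without_scope())
```

In the sample, alice cannot acknowledge alarms on BTS-9 even though her group has a scope covering BTS-9, because that scope belongs to a different role of the same group.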

Fig. 22: Permission Management - Managing the Scope
Tools → Administration → Permission Management → Scope Editor
With the Scope Editor tool, the user can assign Maintenance Regions and Network Elements
as the scope. To be able to edit the scope, a group must have a role and a role must have
a group attached to it.

3.3.1 Adding scope to group-role combinations


You can add scope to group-role combinations in Scope Editor.
1. Select Tools > Administration > Permission Management > Scope Editor
Scope Editor opens.
2. Select the group and role from the Group and role selection and click Apply.
All the available maintenance regions (MRs) and network elements (NEs) for the
selected group-role combination are displayed in the Available MRs and NEs tree.
3. Select the appropriate NEs or MRs from the tree.
4. Click the right arrow icon to add the selected MRs and NEs to the selected MRs and
NEs table.
5. Click Apply or OK to save the changes.
When you click Apply, Scope Editor remains open and the changes to the scope are stored
in the database.
When you click OK, Scope Editor closes and the changes are stored in the database.

3.3.2 Removing scope from group-role combinations


You can remove scope from group-role combinations in Scope Editor.
1. Select Tools > Administration > Permission Management > Scope Editor
Scope Editor opens.
2. Select the group and role from the Group and role selection and click Apply.
The selected maintenance regions (MRs) and network elements (NEs) of the group-role
combination are displayed in the Selected MRs and NEs table.
3. Select the appropriate NEs or MRs from the table on the right.
4. Click the left arrow icon to remove the selected MRs and NEs from the selected MRs
and NEs table.
5. Click Apply or OK to save the changes.
When you click Apply, Scope Editor remains open and the changes to the scope are stored
in the database.
When you click OK, Scope Editor closes and the changes are stored in the database.


3.3.3 Refreshing the scope


You must refresh the information if more maintenance regions or network elements are
added to the system by a third party. It is also possible (but not preferable) that another
administrator is editing the scope at the same time.
Scope Editor fetches the available MR units to the tree and the selected units to the table.
The tree does not include the units that have been selected. When you expand an MR node,
the editor fetches the network elements that belong to the MR. The selected network
elements are displayed in the table.
Click Refresh.
1. Scope Editor clears the cache that stores the NEs and MRs.
2. Scope Editor clears the cache that holds the selected region units.
3. Scope Editor fetches the maintenance regions again.
4. Scope Editor fetches the selected maintenance region units again.
Remember to save your changes before refreshing. If you have not saved the information
before refreshing, the following message appears: “Save changes before refreshing?” Click
Yes to save the changes before refreshing, No not to save the changes, or Cancel to cancel
the refreshing action.


3.4 Network view scope management


With Network View Scope Editor, you can manage access to the network views in network
view folders and subfolders for users belonging to a particular group-role combination.
The network view scope defines the set of view folders including their views that can be
operated on by groups of users. The set of operations that a user can perform on view
folders and views is determined by the following:
1. the group to which the user belongs
2. the roles assigned to the group
3. the network view permissions granted to the roles
4. the network view scope defined in the Network View Scope Editor
The following network view permissions can be granted to a role:
• Create: Users can create network views and network view folders.
• Read: Users can see network views and network view folders.
• Modify: Users can edit and rename network views and network view folders.
• Delete: Users can delete network views and network view folders.
A view folder inherits the scope of its parent folder. For example, in Network View Scope
Editor, the subfolders of folders listed in the Selected View Folders field are also in scope for
the group-role combination. To be able to see a network view, a user must have read access
to the view folder containing the view, or to a parent folder.

To open Network View Scope Editor, select Tools > Administration > Permission
Management > Network View Scope Editor

WARNING
To be able to edit the view scope, a group must have a role and a role must
have a group attached to it.
When groups or roles are added or removed, or group-role associations are changed,
with Group Explorer or Role Explorer, the changes are not automatically shown in
Scope Editor. Use the Reload button on the top right of the tool to update the Group
and role selection drop-down lists.
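
The folder inheritance rule above lends itself to an access review that answers "who can perform this operation in this folder?". The following Python sketch is an added example, not NetAct code: it resolves the network view operations a user holds on a folder from group, role, permission and view scope, with subfolders inheriting the scope of their parents. Identifying folders by slash-separated paths is an assumption of the sketch, and all user, group, role and folder names are constructed.

```python
from pathlib import PurePosixPath

VIEW_OPERATIONS = ("Create", "Read", "Modify", "Delete")  # the four named above


def folder_in_scope(folder, selected_folders):
    """True if folder is a selected view folder or lies anywhere below one."""
    target = PurePosixPath(folder)
    # Comparing whole path segments keeps /Views/Region1 from matching
    # /Views/Region10, which a plain string prefix test would accept.
    return any(
        target == PurePosixPath(sel) or PurePosixPath(sel) in target.parents
        for sel in selected_folders
    )


class ViewScopeModel:
    def __init__(self, user_groups, group_roles, role_view_perms, view_scopes):
        self.user_groups = user_groups          # user -> {group}
        self.group_roles = group_roles          # group -> {role}
        self.role_view_perms = role_view_perms  # role -> {operation}
        self.view_scopes = view_scopes          # (group, role) -> {folder path}

    def effective_ops(self, user, folder):
        """Operations the user may perform on the given view folder."""
        ops = set()
        for group in self.user_groups.get(user, ()):
            for role in self.group_roles.get(group, ()):
                selected = self.view_scopes.get((group, role), ())
                if folder_in_scope(folder, selected):
                    ops |= self.role_view_perms.get(role, set())
        return ops

    def can_see_view(self, user, view_path):
        """A view is visible with Read on its folder or on a parent folder."""
        folder = str(PurePosixPath(view_path).parent)
        return "Read" in self.effective_ops(user, folder)

    def who_can(self, operation, folder):
        """Review helper: users holding the operation on the folder."""
        return sorted(
            user for user in self.user_groups
            if operation in self.effective_ops(user, folder)
        )


# Constructed sample data (not taken from a real system).
VIEWS = ViewScopeModel(
    user_groups={"alice": {"planners"}, "bob": {"planners", "noc"}, "carol": {"noc"}},
    group_roles={"planners": {"View_Editor"}, "noc": {"View_Reader", "View_Editor"}},
    role_view_perms={"View_Editor": set(VIEW_OPERATIONS), "View_Reader": {"Read"}},
    view_scopes={("planners", "View_Editor"): {"/Views/Region1"},
                 ("noc", "View_Reader"): {"/Views"}},
    # ("noc", "View_Editor") has no view scope, so it grants nothing on folders.
)

if __name__ == "__main__":
    print(VIEWS.who_can("Delete", "/Views/Region1/2G"))
    print(VIEWS.effective_ops("carol", "/Views/Region10"))
```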

Fig. 23: Permission Management - Assigning Network View Rights
Tools → Administration → Permission Management → Network View Scope Editor
With Network View Scope Editor, you can manage access to the network views in network
view folders and subfolders for users belonging to a particular group-role combination.
The network view scope defines the set of view folders including their views that can be
operated on by groups of users.

3.4.1 Adding network view scope to group-role combinations


You can add scope to group-role combinations in Network View Scope Editor.
1. Select Tools > Administration > Permission Management > Network View Scope Editor
Network View Scope Editor opens.
2. Select the group and role from the Group and role selection and click Apply.
All view folders that have been assigned the particular right are listed in the
Available View Folders pane.
3. Select the appropriate view folders and subfolders from the tree.
4. Click the right arrow icon to add the selected view folders to the Selected View Folders
pane.
5. Click Apply or OK to save the changes.
When you click Apply, Network View Scope Editor remains open and the changes to the
scope are stored in the database.

3.4.2 Removing network view scope from group-role combinations


You can remove scope from group-role combinations in Network View Scope Editor.
1. Select Tools > Administration > Permission Management > Network View Scope Editor
Network View Scope Editor opens.
2. Select the group and role from the Group and role selection and click Apply.
All view folders that have been assigned the particular right are listed in the
Available View Folders pane.
3. Select the appropriate view folders and subfolders from the tree.
4. Click the left arrow icon to remove the selected view folders from the Selected View
Folders pane.
5. Click Apply or OK to save the changes.
When you click Apply, Network View Scope Editor remains open and the changes to the
scope are stored in the database.


4 Network Element Access Control


4.1 Network Element Credentials Management


The purpose of managing network element credentials is to enhance the security and provide
flexibility in controlling network element access.
You can manage network element credentials with the Network Element Access Control
(NEAC) application. This application allows you to manage and administer the service users
of a network element. You can access the application through both a graphical user
interface (GUI) and a command line interface (CLI).

Fig. 24: Network Element Access Control - Graphical User Interface

4.2 Network Element Access Control GUI


Only sysop group users are authorized to access Network Element Access Control GUI.
Using the NEAC GUI, you can:
• View network element credentials
• Create service users
• Modify service users
• Delete service users
• Grant or revoke credentials for application groups
To open the NEAC GUI, log in to the NetAct Start Page and then go to Security → Network
Element Access Control.

The Network Element Access Control page lists the following attributes of a network element:
• Service type
• Profile
• Group
• Service user
• Network element/MR

Fig. 25: Network Element Access Control - GUI Attributes

Attribute: Description
Service Type: The service type is an interface or protocol used to communicate with the
network element. For example, FTP Access, FTAM Access, HTTP Access, etc.
Profile: The profile defines what commands a service user can provide for a managed object.
For example, if you choose FTP Access as a service type, it supports the following profiles:
• FTP Read Access - The service user can perform only read operations in the system.
• FTP Write Access - The service user can perform both read and write operation in the system.
Group: The group refers to the application groups present in the system. For example, sysop,
dba, etc. If the service user is associated to more than one group, click Several Groups to
view the list of groups.
Service User: A service user is a managed object user account with an ID, password and
authority profile. The user account is used by NetAct applications to access managed objects
through a specific service type.
Network Element / MR: The network element credentials are divided into the following types:
• All NE instances: It indicates that the credentials are applied to all the NE instances
present in the system for a service type and profile combination.
• NE Type: It indicates that the credentials are applied to a particular NE type in the system
for a service type and profile combination. These credentials are applied to all NEs of that
particular NE type.
• Individual NE: It indicates that the credentials are applied to individual NE in the system
for a service type and profile combination.
• MR: It indicates that the credentials are applied to a MR with a particular service type and
profile combination.
Note: To view all the network elements present in a credential set (MR, all NE instances and
NE type), click <All NE INSTANCES/MR/Network element type> in Network element/MR column.

4.2.1 Viewing Network Element Credentials


From the Network Element Access Control main page, you can see the credentials that currently
exist in NetAct for the different network elements and maintenance regions.

4.2.2 Creating a New Service User


You can create credentials for an NE type only when the network element is supported in the
Network Element Access Control metadata. To include the support, see Supporting a new
network element.
1. Click New in the Network Element Access Control page.
The New Service User dialog box appears.
2. Select a service type from the Service Type drop-down list.
3. Select a profile type from the Profile drop-down list.
Note: For a few service types, the profile is set to Default and you cannot modify this field.
Based on the chosen service type and profile, the corresponding fields are displayed. For
example, for service type FTP Access, if you choose the profile FTP Read Access,
the following fields are displayed:
• FTP Read UserName
• FTP Read Password
• Confirm FTP Read Password
4. Enter the data in the respective fields.
5. Select the Network Element type.
The following are the network element types:
• None: The created service user is not associated with any NE type or MR.
• All NE instances: The created service user is associated with all the NE instances
present in the system for a service type and profile combination.
• Maintenance Region: The created service user is associated with a specific MR. You
can choose the maintenance region from the drop-down list.
• NE Type: The created service user is associated with a particular NE type. You can
choose the network element type from the drop-down list. Only the supported network
element types are displayed.
◦ The Maintenance Region or NE Type option is disabled when the service user
is already associated or if they do not exist in the system.
6. Click Save to apply the changes.

TIP
By default, the service user is associated with the sysop group.

Fig. 26 Network Element Access Control: Creating a Service User (click the information button to get details on Service Types)

4.2.3 NEAC Service Types


| Service Type | Description | Remarks |
|---|---|---|
| EM Access | Used for EM Launch in Radio Networks (e.g. on eNodeB) | New Service Type in NetAct 15 LTE for EM Launch at the NE. |
| FTAM Access | FTAM File Transfer | |
| FTAM Unix Access | FTAM File Transfer to Unix | |
| FTP Access | FTP File Transfer | |
| Generic NE FTP Access | Used for getting FTP Access to various NEs. The difference to the normal FTP Access type is that changing the password in the GUI will not automatically change the password in the NE. | New Service Type in NetAct 15 LTE. Required to support corresponding Service Type from OSS 5.x |
| FTP Unix Access | FTP Unix Protocol | |
| HTTP Access | Hypertext Transfer Protocol | |
| HTTPS Access | Hypertext Transfer Protocol Secure | |
| HWM and SWM Access | Hardware Management and Software Management Access | |
| MML Access | Programmatic MML Access for non interactive MML sessions | |
| NEMU Admin Access | NE User Management Access | This Service Type is used for NE Account Provisioning via MML/Q3 and SCLI. Note: The Service User must have been created manually on the NE and cannot be changed via NEAC. NWI3 NEs do not use this Service Access Type for NE Account Provisioning (but NWI3 Access for this purpose) |
| NWI3 Access | NWI3 Access | |
| Q1 Access | Used for Remote Node Protocol | |
| Q3 Access | Used for CMIS Protocol | |
| REMOTE_MML_ACCESS | Remote MML Access for interactive MML sessions | |
| SCLI Access | SCLI Access | |
| SFTP Access | SSH File Transfer | |
| SFTP Unix Access | Used for transferring files from network elements to Connectivity servers using SFTP. | New Service Type in NetAct 15 LTE |
| SNMP v1 v2 Access | Simple Network Management Protocol versions 1 and 2 | Deprecated - Not to be used |
| SNMP Read Access | SNMP Read Community String | New Service Type in NetAct 15 LTE |
| SNMP Write Access | SNMP Write Community String | New Service Type in NetAct 15 LTE |
| SNMP v3 Access | Simple Network Management Protocol version 3 | |
| SS7 Access | Signaling System 7 Access | |
| SSH Access | Secure Shell | |
| Telnet Access | Telnet Access | |
| Web Services Access | NE3S Webservice Access | New Service Type in NetAct 15 LTE |
| Web Services Noprop Access | Web Services No propagation Access | New Service Type in NetAct 15 LTE |

4.2.4 Modifying a Service User


In the Network Element Access Control page, select the relevant check box to modify a
service user.

1. Click Modify.
The Modify Service User dialog box appears.
2. Modify the service user password(s).
3. Click Save to apply the changes.

4.2.5 Deleting a service user


1. In the Network Element Access Control page, select the relevant check box to delete a
service user.
TIP
You can delete multiple service users at a time.
2. Click Delete.
You are prompted with a confirmation message.
3. Click Ok to delete the selected service user(s).

Fig. 27 Network Element Access Control: Modifying a Service User

4.2.6 Granting or revoking credentials for an application group


Using the Network Element Access Control application, you can grant and revoke application
groups only for an NE Type credential set. For Maintenance Region, All NE instances and
individual network element credentials, you do this by scoping through Scope
Editor. The scoped groups are inherited by the Network Element Access Control application.

WARNING
You cannot revoke credentials from the sysop group.

1. In the Network Element Access Control page, select the relevant check box to grant or
revoke credentials.
2. Click Grant/Revoke.
The Grant and Revoke Credentials dialog box appears.
3. Grant or revoke credentials by selecting or removing the groups for a service
user in the Application Group field.

Note
• When a group and role combination is scoped to all NE instances and other credentials
exist (MR, NE type and individual NE) apart from all NE instances, they
are also granted to the scoped group.
• When a group and role combination is scoped to an MR and individual NE credentials exist
along with the MR, they are also granted to the scoped group.
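
The inheritance rules in the note above make a group's effective credential set wider than what was granted to it one credential at a time, which matters in a least-privilege review. The following is an added example, not NetAct code: it models those rules over constructed data. The class names, group names, service user names and the `ne_to_mr` mapping are assumptions, roles are ignored, and "individual NE credentials exist along with MR" is read as "the NE belongs to that MR".

```python
"""Added example: effective NE credential grants per application group.
Every name and value below is constructed for illustration."""
from dataclasses import dataclass

ALL, MR, NE_TYPE, NE = "ALL", "MR", "NE_TYPE", "NE"
# When one service user is reached by several rules, report the strongest.
RANK = {"inherited": 0, "scoped": 1, "granted": 1, "default": 2}


@dataclass(frozen=True)
class Credential:
    service_user: str
    level: str          # ALL, MR, NE_TYPE or NE
    target: str = ""    # MR id, NE type or NE name; empty for ALL


@dataclass(frozen=True)
class Scope:
    group: str
    level: str          # ALL, MR or NE, as set in Scope Editor
    target: str = ""


def effective_grants(creds, scopes, ne_type_grants, ne_to_mr):
    """Return {group: {service_user: reason}}.

    ne_type_grants: {service_user: set of groups} granted in the NEAC GUI.
    ne_to_mr: {NE name: MR id} (assumed source of MR membership).
    """
    grants = {}

    def add(group, cred, reason):
        held = grants.setdefault(group, {})
        if RANK[reason] > RANK.get(held.get(cred.service_user), -1):
            held[cred.service_user] = reason

    for cred in creds:
        # sysop is associated by default and cannot be revoked.
        add("sysop", cred, "default")
        if cred.level == NE_TYPE:
            for group in ne_type_grants.get(cred.service_user, ()):
                add(group, cred, "granted")
        for s in scopes:
            if s.level == ALL:
                # Scoping to all NE instances pulls in every other credential set.
                add(s.group, cred, "scoped" if cred.level == ALL else "inherited")
            elif s.level == MR:
                if cred.level == MR and cred.target == s.target:
                    add(s.group, cred, "scoped")
                elif cred.level == NE and ne_to_mr.get(cred.target) == s.target:
                    # Individual NE credentials inside the MR come along.
                    add(s.group, cred, "inherited")
            elif s.level == NE and cred.level == NE and cred.target == s.target:
                add(s.group, cred, "scoped")
    return grants


def inherited_only(grants):
    """Groups and the service users they hold only through inheritance."""
    out = {}
    for group, held in grants.items():
        users = sorted(u for u, why in held.items() if why == "inherited")
        if users:
            out[group] = users
    return out


# Constructed sample data.
CREDS = [
    Credential("ftp_all", ALL),
    Credential("ftp_mr_north", MR, "MR-NORTH"),
    Credential("ssh_bsc", NE_TYPE, "BSC"),
    Credential("ssh_ne17", NE, "NE-17"),
    Credential("ssh_ne42", NE, "NE-42"),
]
SCOPES = [Scope("noc_global", ALL), Scope("field_north", MR, "MR-NORTH")]
NE_TYPE_GRANTS = {"ssh_bsc": {"bsc_ops"}}
NE_TO_MR = {"NE-17": "MR-NORTH", "NE-42": "MR-SOUTH"}

if __name__ == "__main__":
    result = effective_grants(CREDS, SCOPES, NE_TYPE_GRANTS, NE_TO_MR)
    for group, users in sorted(inherited_only(result).items()):
        print(f"{group}: inherited access to {', '.join(users)}")
```

The `inherited_only` list is the part to review: those are credentials a group can use although nobody selected that group for them in the Grant and Revoke Credentials dialog.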

Fig. 28 Network Element Access Control: Granting and Revoking Credentials for an Applications Group

4.3 Provisioning of credentials from NetAct to network elements

After creating or modifying credentials for service users in the NetAct repository, it is necessary
to activate these changes in the network, as they have to be explicitly provisioned to the
network elements.
1. Log in to NetAct Start page.
2. Click Security → Network Element Access Control.
3. Select the Provisioning tab. Select a service type that you want to provision to the network
elements.
4. To provision the credentials to the network elements, select Provisioning.
5. Click Ok.
A dialog appears that displays the number of network elements that are provisioned.

WARNING:
• Currently the Network Element Access Control GUI does not support multiple selection of
service users for provisioning. However, you can start provisioning for more than one service
user at a time.
• The credentials are provisioned to all network elements in a maintenance region that
support the service type and account provisioning.
• NetAct operators can get an overview of account provisioning support for all
network elements of a particular service user through the NE List window, from either the
Credentials or Provisioning tabs, which is accessible from the Network element/MR column.
• Account provisioning is not supported for all service types or by all NE types. For service
types or NEs that do not support account provisioning, you have to create or update accounts
manually (e.g. via EM access).

Expected outcome
Provisioning starts for all network elements in the MR that are not in sync (i.e. not
in status completed). Depending on the connection quality and the size of the maintenance region,
provisioning can take some time. This is indicated by the status ongoing in the Status
column. As long as the ongoing status remains, the service user is prevented from
performing further management activities like modify, delete, or provisioning on this entry.
When the provisioning has ended, the overall status of the provisioning process for the
service user is displayed in the Status column. The various status values are explained in the
following table.
To get a detailed overview of the provisioning to all network elements in the maintenance
region of the corresponding service, click the status field of the service user. This opens a
list of all network elements in the maintenance region that support account provisioning of
this service. The provisioning status per network element is contained in this list
too.
After provisioning has ended, the status of the service user changes from ongoing to
completed, failed or partly.


Note:
The provision status in the GUI is not updated automatically. You have to press refresh to
update the status during an ongoing provision operation.

| Status | Description |
|---|---|
| Ongoing | Provisioning for service users has been started to all or a selected number of network elements in the corresponding maintenance region which support account provisioning. The provisioning is still ongoing. |
| Completed | All provisioning operations were successfully completed on all network elements in the corresponding maintenance region which support account provisioning. The network elements and the NEAC repository are in sync. Note: When new network elements are added to a maintenance region, the status of the service user is not changed: it remains completed. The new network elements can be seen in Details of latest Provisioning with status new, but no account has been created in these network elements. To create them, start provisioning again for the service user. The accounts will then be created on the new network elements. |
| Partly | Provisioning was only successful on a subset of network elements in the maintenance region. The network elements and NEAC repository are partly not in sync. To provision the credentials to only those network elements which are not in sync, start provisioning for this service user again. For more information, see What to do when the network element provisioning status is new, modified or failed in Operating Documentation. |
| Failed | Provisioning operation for the service user has ended. Provisioning to all network elements failed. After solving potential network or configuration problems, restart provisioning for this service user. For more information, see What to do when the network element provisioning status is new, modified or failed in Operating Documentation. |
| New | New service user who was never provisioned to the network before. To provision the credentials, start provisioning for this new service user. For more information, see What to do when the network element provisioning status is new, modified or failed in Operating Documentation. |
| Modified | Modified service user. The password of this service user has been modified after the latest provision operation. The passwords on the network elements and in the NEAC repository are different. Note: If the NE supports provisioning, the new password defined in the NEAC repository is only activated after it has been successfully provisioned to the NE. The old password is still used to connect to the NE as long as the provision status of the NE is modified or failed. To provision the new password to the network elements and to activate it, start provisioning for this service user again. For more information, see What to do when the network element provisioning status is new, modified or failed in Operating Documentation. |
| Not Supported | Provisioning is not supported for this service user. |
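
A password change in NEAC is only a completed rotation once every network element reports completed, and the overall Completed status can hide network elements that were added later and have no account yet. The following is an added example, not NetAct code: it audits constructed status records against the rules in the table above and the service type remarks in section 4.2.3. The record layout, the field names and all sample values are assumptions.

```python
"""Added example: audit password-rotation coverage from provisioning status.
All records below are constructed sample data, not NetAct output."""
from dataclasses import dataclass, field

# Service types for which this page says NEAC does not change the password
# on the network element itself.
MANUAL_ON_NE = {"Generic NE FTP Access", "NEMU Admin Access"}

# Per-NE statuses named on this page: completed, new, modified, failed.
IN_SYNC = {"completed"}
NO_ACCOUNT = {"new"}
OLD_PASSWORD = {"modified", "failed"}


@dataclass
class ServiceUserStatus:
    service_user: str
    service_type: str
    overall: str                                  # value of the Status column
    per_ne: dict = field(default_factory=dict)    # NE name -> per-NE status


def audit(rec):
    """Classify one service user and list the NEs that are out of sync."""
    by_state = lambda states: sorted(
        ne for ne, s in rec.per_ne.items() if s in states)
    no_account = by_state(NO_ACCOUNT)
    old_pw = by_state(OLD_PASSWORD)
    result = {
        "service_user": rec.service_user,
        "in_sync": by_state(IN_SYNC),
        "no_account": no_account,
        "old_password_in_use": old_pw,
        "masked_by_completed": False,
        "action": "none",
    }
    if rec.service_type in MANUAL_ON_NE or rec.overall == "Not Supported":
        # NEAC cannot push this credential, so the repository value says
        # nothing about what the NE currently accepts.
        result["action"] = "update account manually on the NE"
    elif rec.overall == "Ongoing":
        # The entry is locked and the GUI status is not refreshed automatically.
        result["action"] = "refresh status and re-check"
    elif no_account or old_pw or rec.overall in {"New", "Modified", "Partly", "Failed"}:
        result["action"] = "start provisioning again"
        # Overall status stays Completed when NEs join the MR afterwards.
        result["masked_by_completed"] = (
            rec.overall == "Completed" and bool(no_account))
    return result


def report(records):
    """Return only the service users that need follow-up."""
    return [r for r in map(audit, records) if r["action"] != "none"]


# Constructed sample data.
SAMPLE = [
    ServiceUserStatus("ftpread01", "FTP Access", "Completed",
                      {"NE-1": "completed", "NE-2": "completed", "NE-3": "new"}),
    ServiceUserStatus("mmlsvc01", "MML Access", "Modified",
                      {"NE-1": "modified", "NE-2": "modified"}),
    ServiceUserStatus("sshsvc01", "SSH Access", "Partly",
                      {"NE-1": "completed", "NE-2": "failed"}),
    ServiceUserStatus("genftp01", "Generic NE FTP Access", "Not Supported"),
    ServiceUserStatus("scli01", "SCLI Access", "Completed",
                      {"NE-1": "completed"}),
]

if __name__ == "__main__":
    for r in report(SAMPLE):
        print(f"{r['service_user']}: {r['action']}; "
              f"old password on {r['old_password_in_use']}, "
              f"no account on {r['no_account']}")
```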

Fig. 29 Network Element Access Control: Provisioning Credentials to Network Elements

4.4 Network Element Access Control CLI


Only omc and root users are authorized to access the Network Element Access Control CLI.
Using the NEAC CLI, you can:
• Create or delete network element credentials
• Grant/revoke services to/from a group
• List network element credentials
• List granted services
• List service types
• List profiles
• List groups

To start the NEAC command line interface, open an SSH terminal connection to one of the
AS nodes and run neac.pl.
For detailed information on how to perform the above listed tasks, please refer to the NetAct
15 Operating Documentation, which can be found from Start Page → User Assistance →
Operating Documentation.


4.5 Centralized NE User Management


The Centralized Network Element User Management (CNUM) feature (also known as
Centralized User Authentication and Authorization (CUAA) or Remote User Identification
Management (RUIM)) enables network elements to authenticate and authorize users against
a centralized user repository (LDAP directory).

WARNING
CNUM is not supported by all network elements. When CNUM is used, the
service users used to activate and manage it need to be configured in NEAC.
Therefore, when CNUM is activated in parts of the network, network access
control is a combination of CNUM and service users. However, the number of
service users that need to be managed is reduced by CNUM.
CNUM is a licensed, optional feature.

CNUM in NetAct
The tools that are used to manage CNUM in NetAct are the Network Element Access Control
(NEAC) application for activating and deactivating CNUM in the network elements and the
Permission Management (PEM) application, which is used to assign the necessary
permissions to roles and user groups.


4.5.1 Centralized Network Element User Management user interface

The Centralized Network Element User Management user interface displays the following
information in a table:

| Column Name | Description |
|---|---|
| Network element | DN of the network element |
| Maintenance region | Identifier of the maintenance region to which the network element is assigned |
| NE type | Network element type abbreviation |
| NE release | Release of the network element, corresponds to the version parameter in NetAct Monitor |
| LDAP access type | From the drop down list, the LDAP access type that should be used for the CNUM operation can be selected. The available selections depend on the LDAP access types that are supported by the network element. The LDAP access type can only be selected when CNUM is not active for this network element (if CNUM is not activated in the network element within same agent). |
| CNUM status | The current CNUM status of the network element. If available, the link refers to additional information |
| Time of last action | The date and time of the last CNUM operation that has been executed for this network element |

Fig. 30 Network Element Access Control: Centralized NE User Management

4.5.2 Activating Centralized Network Element User Management on the Network Elements

Prerequisites
Before activating CNUM in the network element, check the requirements specific to the network
element. For information on the requirements, see "Network element specific requirements"
in NetAct Operating Documentation.

1. Log in to NetAct Start page.
2. Click Security → Network Element Access Control.
Network Element Access Control window appears.
3. Click Centralized NE User Management tab.
4. Select the network element for which you want to activate CNUM.
5. From the LDAP access type list, select the access type.
You can select one of the following LDAP access types:

| LDAP access type | Description |
|---|---|
| LDAPS | Only secured LDAPS connections (using port 636) to the Centralized User Authentication and Authorization LDAP server are allowed. |
| STARTTLS | Only secured TLS connections (using port 389) to the Centralized User Authentication and Authorization LDAP server are allowed. These connections are set up using the StartTLS method. |
| PREFER TLS | Both secured and unsecured LDAP connections to the Centralized User Authentication and Authorization LDAP server are allowed. The network element first attempts a secure connection and, if this fails, attempts an unsecured connection. Note: It is recommended not to use this option as it is considered unsecure. |
| PLAIN TEXT | Only unsecured connection to LDAP server is allowed. |

Note:
When a network element is activated with an LDAP access type, the same LDAP
access type is assigned to all other network elements with the same agent. To assign
a different access type, you must deactivate all related network elements within the
agent.
The LDAP access type depends on the selected network element. Not all options are
supported by all network element types.
Certificates must be installed to enable LDAP access type. For information on how to
install the certificates, see "Managing certificates" in NetAct Operating
Documentation.
To manually install the CA certificates on the network element, refer to the network
element documentation.
If you click Refresh before saving the modified network element, all the changes are
lost.
A pen icon is displayed when the LDAP access type is modified.


6. Click Activate.
CNUM status of the network element changes to Ongoing.
Click Refresh to view the CNUM status change.

Note:
Activation of CNUM on the network element takes time.
If the activation is unsuccessful, the CNUM status shows Failed activation. Click the Failed
activation link to view the causes of failure.

To verify that the CNUM activation is successful:

Log in as a NetAct user using SSH on the FlexiPlatform based network element to confirm
that the activation of CNUM is successful.
Note:
If you are unable to log in to OMS, check for alarm 70268. This problem occurs when OMS is not able
to connect to LDAP.
Additional information:
It is possible to activate CNUM for a network element that is already in CNUM state
Activated. This allows you to renew the CNUM configuration in a network element that is
deactivated because of, for example, HW change.
If you are activating CNUM for a network element on which CNUM is already activated,
NetAct creates a network element account and configures the same on the network element.
The old network element account is deleted when the network element sends a response for
this configuration.


4.5.3 Deactivating Centralized Network Element User Management on the Network Elements

To deactivate the CNUM feature in network elements:


1. Log in to NetAct Start page.
2. Enter Login Name and Password.
3. Click Log In and OK.
4. Click Security → Network Element Access Control.
Network Element Access Control window appears.
5. Click Centralized NE User Management tab.
6. Select the network element for which you want to deactivate CNUM.
7. Click Deactivate.
The status of the network element changes to Ongoing.
8. Click Refresh.
The status is changed to Deactivated.

Note:
Deactivation of CNUM on the network element takes some time.
If the deactivation is unsuccessful, the CNUM status shows Failed deactivation. Click Failed
deactivation link to view the causes of failure.


5 Appendix A: Default Roles and Permissions


5.1 Administration Roles and Associated Permissions

| Default roles | Permission Names |
|---|---|
| CM-Configuration Management Administration | CM_ManagedObject_Create, CM_ManagedObject_Delete, CM_ManagedObject_Edit, Application Launch, CM_ManagedObject_MR_Association, CM_ManagedObject_Site_Association, CM_ManagedObject_CM_Topology_Upload, Network view_Read, Network view_Create, Network view_Delete, Network view_Modfy, WorkingSet_Create, WorkingSet_Delete, WorkingSet_Edit, WorkingSet_Modify Query Statement; Operation to launch Data Management application, Operation to modify the configuration data, Operation to execute 'Force Unlock' in Data Management application, Operation to access the class D configuration objects |
| FM-Fault Management Admin | EVENT_FILTER_CREATE, EVENT_FILTER_DELETE, EVENT_FILTER_MODIFY, Alarm_Operation, Alarm_View, Alarm_Cleanup, AlarmSync_Maintenance, FM_TT_MOCreate, FM_TT_AlarmCreate, FM_TT_MOAttach, FM_TT_AlarmAttach, FM_TT_Modify, RUL_Rule_Create, RUL_Rule_Delete, RUL_Rule_Modify |
| SM-Security Administration | PEMDC_Execute, PEMGUI_Launch, Application_UI_Launch Adaptation Deployment, Addon_UI_Launch Addon Deployment Tool, Certification Authority application_Launch, SNMPFMUI_Launch, SNMPPM startpage Permission_Launch |


5.2 Fault Management Roles description


| Role names | Description |
|---|---|
| FM-Alarm Surveillance | Group to monitor NE failures in near-real time |
| FM-Fault Correction | Group that controls repair of a fault |
| FM-Fault Localisation | Group collecting information obtained by additional failure localisation routines |
| FM-RAS Quality Assurance | Group that establishes the reliability criteria that guides the design policy for redundant equipment |
| FM-Testing | Group that analyzes the faults |
| FM-Trouble Administration | Group that transfers trouble reports originated by customers and trouble tickets originated by proactive failure detection checks |
| FM-Fault Management Admin | Fault Management core administrator |

5.3 Configuration Management Roles description


| Role names | Description |
|---|---|
| CM-Installation | Group that can support the installation of equipment which makes up the telecommunication network. |
| CM-Network Planning and Engineer | Network Planning and Engineering deals with the functions associated with determining the need for growth in capacity and the introduction of new technologies. |
| CM-Provisioning | Provisioning consists of procedures which are necessary to bring equipment into service, not including installation. |
| CM-Service Planning and Negotiation | Planning for the introduction of new services. |
| CM-Status and Control | Group capable to monitor and control certain aspects of the NE on demand |
| CM-Template Management | Management of various kinds of templates. |
| CM-Configuration Management Administration | The configuration management core administrator. |


5.4 Performance Management Roles description

| Role names | Description |
|---|---|
| PM-Performance Analysis | Group that does processing and analysis in order to evaluate the performance level of the network |
| PM-Performance Management Control | Group that supports the transfer of information to control the operation of the Network |
| PM-Performance Monitoring | Group that does continuous collection of data concerning the performance of the network |
| PM-Performance Quality Assurance | Group that supports decision processes that establish, as the state-of-the-art expands and customer needs change, the quality measures that are appropriate |
| PM-Administration of Measurements | Group that manages and administers measurements in network elements |

5.5 Security Management Roles description


| Role names | Description |
|---|---|
| SM-Containment and Recovery | Group that supports checks for signs of software intrusion (for example, the presence of a known virus) in the TMN |
| SM-Detection | Groups that detect an intrusion |
| SM-Prevention | Groups needed for preventing intrusion |
| SM-Security Administration | Group that does planning and administering security policy and managing security related information |


6 Appendix B: Application Permissions


6.1 Monitoring Applications Permissions


| Application | Permission object name | Authorized operations | Description |
|---|---|---|---|
| Event Explorer | ALARM_ FILTER | Filter Create | Permission to create the filters |
| | | Enter Modify | Permission to create the filters |
| | | Filter Delete | Permission to create the filters |
| Event List, Event History, Warning List | FM_Alarm | Alarm View | Permission to view alarms |
| | | Alarm Operation | Permissions to ACK, UNACK and cancel the alarms |
| Delete All Alarms, Alarm Upload | FM_Managed Object | Alarm Cleanup | Permission to delete alarms for MO/Sub Network |
| Maintenance mode | FM_Managed Object | Alarm sync and Maintenance | Permission to do alarm upload on MO's and to put MO's to maintenance mode |
| Trouble Ticket | FM_Trouble Ticket | TT_AlarmCreate | Permission to create the trouble ticket for Alarm |
| | | TT_MOAttach | Permission to attach trouble ticket to MO |
| | | TT_MOCreate | Permission to create the trouble ticket for MO |
| | | TT_Modify | Permission to modify the trouble ticket |
| | | TT_Alarmattach | Permission to attach trouble ticket to Alarm |
| Rules | RUL_Rule | RUL_Modify | Permission to modify the rules |
| | | RUL_Create | Permission to create the rules |
| | | RUL_Delete | Permission to delete the rules |


6.2 Configuration Management Application Permissions

| Application | Permission object name | Authorized operations | Description |
|---|---|---|---|
| Object Explorer | CM_ Managed Object | CM_ Managed Object _Create | Permission to create the Object |
| | | CM_ Managed Object _Edit | Permission to edit the Object's properties |
| | | CM_ Managed Object _Delete | Permission to delete the Object |
| | | Application Launch | Permission to launch an application for the managed object |
| | | CM_ Managed Object_MR_ Association | Permission to associate an object to a Maintenance Region |
| | | CM_ Managed Object_Site_ Association | Permission to associate an object to a Site |
| View Explorer | Network View | Read | Permission to read a view or view folder |
| | | Create | Permission to create a view or view folder |
| | | Modify | Permission to modify a view or view folder |
| | | Delete | Permission to delete a view or view folder |
| Working Set Manager | Working Set | Create | Create a working set |
| | | Delete | Delete a working set |
| | | Edit | Edit a working set |
| | | ModifyQuery Statement | Modify the SQL query statement for calculating the working set |


6.3 Reporting Application Permissions


| Application | Permission object name | Authorized operations | Description |
|---|---|---|---|
| Administration of Measurements | AoM Application Launch | plan view | Permission to view all existing plans |
| | | detailed plan view | Permission to view detailed information of existing plans |
| | | template view | Permission to view all existing templates |
| | | detailed template view | Permission to view detailed information of existing templates |
| | | template export | Permission to export existing template data to local disk |
| | AoM Plan Management | plan create | Permission to create new plans |
| | | plan create based on a chosen template | Permission to create new plans based on the chosen templates |
| | | plan modify | Permission to modify existing plans |
| | | plan delete | Permission to delete the existing plans |
| | | plan activate | Permission to activate the existing plans |
| | | plan deactivate | Permission to deactivate the active plans |
| | | manual upload | Permission to upload network elements and measurement types to NetAct |
| | AoM Template Management | template create | Permission to create new templates |
| | | template modify | Permission to modify existing templates |
| | | template delete | Permission to delete existing templates |


6.4 Security Configuration Application Permissions


| Application | Permission object name | Authorized operations | Description |
|---|---|---|---|
| Certification Authority application | Launch Certification Authority | Launch | Permission to launch the Certification Authority application |
| Adaptation Manager | Adaptation UI | Launch | Permission to launch the Adaptation Deployment Tool |
| AddOn Manager | Addon UI | Launch | Permission to launch the Addon Deployment Tool |
| SNMP FM | SNMPFMUI | Launch | Permission to launch SNMP FM UI |
| SNMP PM | SNMPPM Startpage permission | Launch | Permission to launch SNMP FM UI |
| PEM Deployment Controller | PEMDC | Execute | Permission to deploy the PEM adaptations |
| PEM Tool | PEMGUI | Launch | Permission to launch PEM GUI operations |


7 Exercises


Exercise 1
Title: User Management in NetAct

Objectives: Identify the User Management Objects
Identify the User Management Applications

Pre-requisite: none

Task
Please answer the following questions

Query
1. List the User Management Objects and explain the functionality of each of them.

2. List the tools used in NetAct for User Account Management and Permission Management and where they are located in the user interface.

Exercise 2
Title: User Account Management

Objectives: Manage User Accounts in NetAct

Pre-requisite: none

Task
Please answer the following questions and execute the proposed exercises.

Query
1. List the Tasks associated with the User Account Management and the tools required to
execute them.

2. List the types of User Accounts available in NetAct system and explain the usage of
each of them.

3. List the Active User Accounts in the system. Write down three of them indicating name
of the user and corresponding login name.

4. Create a new user for yourself using your own first name, last name and email address.
List the steps for executing this task.

5. Create a new group for yourself (group name = TrainingUser_ your first name). How can
you verify that this group is really available in the system?

Exercise 3
Title: Permissions Management

Objectives: Manage Permissions in NetAct

Pre-requisite: none

Task
Please answer the following questions and execute the proposed exercises.

Query
1. List the tasks to execute in order to assign the correct permissions to the users and grant
them access to network elements and network views.

2. What is the difference between a default role and a customized role? How could you
modify a default role?

3. Working with the group created in Exercise 2, assign roles/permissions and scopes to your group according to the trainer's instructions.

4. Modify your user and assign it your new group



5. Log out of the system and test your user. Take note of which applications you are able to launch. What network elements can you access?

Exercise 4
Title: Network Elements Account Management

Objectives: Manage the access to Network Elements from NetAct.

Pre-requisite: none

Task
Please answer the following questions and execute the proposed exercises.

Query
1. What is a Service User? What is the functionality of Service Users in NetAct and how do
they interact with the Network Elements? What are the Service Types associated to
these users?

2. What is the purpose of the NEAC application? Is this functionality available for all
network elements in the Network?

3. Create a new Service User for the type of network elements and service that your trainer
indicates. Write down the parameters required for the creation of this Service User.

4. Working with the group created in the Exercise 2, grant this group the credentials
created in the last step.

5. Provision the credentials created in step 4 to the network. What does this provisioning mean for the network elements? What is the result of the provisioning task? How can you verify that the provisioning was successful and the credentials are valid and usable to the group?