user management

OS90514EN81GLA0 ©2014 Nokia Solutions and Networks. All rights reserved. User Management NetAct 8 Administration 1 OS9051-81A

Upload: kamel

Post on 18-Nov-2015


DESCRIPTION

User Management

TRANSCRIPT

Slide 1: User Management
Nokia Solutions and Networks Academy
Legal notice
Intellectual Property Rights
*
Module Objectives
At the end of this module the student will be able to:
Identify the User Management Objects and User Management Tasks.
Create, Modify, Delete User Groups, User Accounts and Permissions in NetAct.
Manage user groups' access to network views and Network Elements.
Create, Modify, Delete Network Element access Credentials.
*
Module Content
User Management in NetAct
*
User Management in NetAct
User Group:
Permission:
An object that describes the authority to perform certain operations.
Scope:
A collection of definitions that limit the validity of the permissions into a certain area.
*
User Management in NetAct
User Management Objects: Scope and Network Views Scope
Enables the definition of a working scope for user groups and their users to control the monitoring scope dedicated to different groups.
Maintenance Region
*
User Management in NetAct
Exercise 1
Security Management Framework
List the User Management Objects and explain the functionality of each of them.
*
*
User Account Management
Create and modify user profiles and user accounts
Create and modify group
Update user profiles
Update account passwords
Configure password policies
Unlock user account
Import and export of user and group data
*
User Account Management
NetAct application
These user accounts are used by WebSphere for user application authentication.
LDAP server administrator
This is the administrative account of the directory server, also known as LDAP Manager.
Oracle Database
These user accounts are used for accessing the Oracle database.
WebSphere Administrator
This user account is used for accessing WebSphere Application Server.
Linux OS (POSIX)
*
User Account Management
User Management Tool
User Account Management
Check box to: Modify, Delete, Activate/Deactivate
*
User Account Management
(1) Enter the user and login details.
(2) Select user group
Login details are listed after step 2
(3) Click on Create
User Account Management
Configuring Passwords Policy
A password policy is a set of rules that governs how passwords are used in a given system.
User Management → Administration → Policy Configuration
*
User Account Management
*
User Account Management
Check box to: modify / delete group
*
User Account Management
Creating Primary Groups
*
User Account Management
Groups Management From Permission Manager
Create new secondary groups, explore user groups, related users and roles.
Assign users to or remove users from groups.
Manage scope of group-role combinations.
Display and manage group-role permissions.
*
User Account Management
User Management → Administration → Export Users and Permissions
*
User Account Management
User Management → Administration → Import Users and Permissions
XML template file available for download
*
Exercise 2
User Account Management
List the tasks associated with User Account Management and the tools required to execute them.
List the types of User Accounts available in NetAct system and explain the usage of each of them.
List the Active User Accounts in the system. Write down three of them indicating name of the user and corresponding login name.
Create a new user for yourself using your own first name, last name and email address. List the steps for executing this task.
*
*
Permission Management
Create, copy and modify roles.
Grant or Revoke Permissions to customized roles
Associate and unassociate roles to group
Assign / unassign Scope to group-role combination
Assign / unassign Network Views Scope to group-role combination
Permission Management in NetAct comprises all the tasks required to assign permissions and manage roles and scopes.
A user can be a member of multiple groups, and each group can have multiple roles associated with it.
*
Permission Management
Create
Group
Assign
*
Permission Management
Every role is either a default or a customized role.
Default roles are created by the system and they have default permissions.
Permissions are granted to roles and then roles are granted to groups.
Each group can have multiple roles granted to it.
Permission Management
*
Permission Management
*
Permission Management
The new role can be granted any combination of permissions
*
Permission Management
Copying a Role
The new customized role is created and is visible in the tree under Roles
Right click to copy
*
Permission Management
Managing the Scope
To be able to edit the scope, a group must have a role and a role must have a group attached to it.
With the Scope Editor tool, the user can assign Maintenance Regions and Network Elements as the scope.
Tools → Administration → Permission Management → Scope Editor
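The permission chain described in this module (permissions granted to roles, roles granted to groups, scope assigned to each group-role combination) can be modelled in a few lines to review what a user can actually do, and where. This is an added example, not NetAct code; the group, role, permission and maintenance-region names are constructed, and treating a group-role pair without scope as granting nothing is an assumption of the model.

```python
# Conceptual model only: NetAct manages this through its GUI tools. All names
# below (groups, roles, permissions, regions) are constructed sample values.
from dataclasses import dataclass, field

@dataclass
class Model:
    role_perms: dict = field(default_factory=dict)   # role -> set of permissions
    user_groups: dict = field(default_factory=dict)  # user -> set of groups
    # Scope hangs off the (group, role) combination, not off the role alone.
    scope: dict = field(default_factory=dict)        # (group, role) -> set of regions

    def allowed(self, user, permission, region):
        """Return the (group, role) pairs that grant `permission` in `region`."""
        grants = []
        for group in sorted(self.user_groups.get(user, ())):
            for (g, role), regions in sorted(self.scope.items()):
                if (g == group and region in regions
                        and permission in self.role_perms.get(role, ())):
                    grants.append((group, role))
        return grants

    def effective(self, user):
        """Flatten every (permission, region) a user holds, for an access review."""
        out = set()
        for group in self.user_groups.get(user, ()):
            for (g, role), regions in self.scope.items():
                if g == group:
                    perms = self.role_perms.get(role, ())
                    out |= {(p, r) for p in perms for r in regions}
        return out

def build_sample():
    m = Model()
    m.role_perms = {"alarm_viewer": {"view_alarms"},
                    "config_operator": {"view_alarms", "change_config"}}
    # alice is a member of two groups; each group-role pair has its own scope.
    m.user_groups = {"alice": {"noc_north", "field_south"}, "bob": {"noc_north"}}
    m.scope = {("noc_north", "alarm_viewer"): {"MR-NORTH"},
               ("field_south", "config_operator"): {"MR-SOUTH"}}
    return m

if __name__ == "__main__":
    m = build_sample()
    print(m.allowed("alice", "change_config", "MR-SOUTH"))
    print(m.allowed("alice", "change_config", "MR-NORTH"))
    print(sorted(m.effective("alice")))
```

Membership in several groups is additive, but each grant stays confined to the scope of the group-role pair it came from, which is what an access review needs to check per user.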
*
Permission Management
Assigning Network View Rights
The network view scope defines the set of view folders including their views that can be operated on by groups of users
Tools → Administration → Permission Management → Network View Scope Editor
*
Exercise 3
Managing Permissions
List the tasks to execute in order to assign the correct permissions to the users and grant them access to network elements and network views.
What is the difference between a default role and a customized role? How could you modify a default role?
Working with the group created in Exercise 2, assign roles/permissions and scopes to your group according to the trainer's instructions.
Modify your user and assign it to your new group.
*
*
Network Element Access Control
NEAC
*
Network Element Access Control
Service Type
The service type is an interface or protocol used to communicate with the network element. For example, FTP Access, FTAM Access, HTTP Access, etc.
Profile
The profile defines what commands a service user can provide for a managed object. For example, if you choose FTP Access as a service type, it supports the following profiles:
• FTP Read Access - The service user can perform only read operations in the system.
• FTP Write Access - The service user can perform both read and write operations in the system.
Group
The group refers to the application groups present in the system. For example, sysop, dba, etc. If the service user is associated to more than one group, click Several Groups to view the list of groups.
Service User
A service user is a managed object user account with an ID, password and authority profile. The user account is used by NetAct applications to access managed objects through a specific service type.
Network Element / MR
*
Network Element Access Control
Creating a Service User
Network Element Access Control
Modifying a Service User
Network Element Access Control
*
Network Element Access Control
*
Network Element Access Control
Provisioning of credentials from NetAct to network elements: Provisioning Status
Status
Description
Ongoing
Provisioning for service users has been started to all or a selected number of NEs in the corresponding maintenance region that support account provisioning. The provisioning is still ongoing.
Completed
All provisioning operations were successfully completed on all NEs in the corresponding maintenance region that support account provisioning. The network elements and the NEAC repository are in sync. Note: When new network elements are added to a maintenance region, the status of the service user is not changed: it remains completed. The new network elements can be seen in Details of latest Provisioning with status new, but no account has been created in these network elements. To create the accounts, start provisioning again for the service user. The accounts will then be created on the new network elements.
Partly
*
Network Element Access Control
Provisioning of credentials from NetAct to network elements: Provisioning Status
Status
Description
Failed
Provisioning operation for the service user has ended. Provisioning to all network elements failed. After solving potential network or configuration problems, restart provisioning for this service user again.
New
New service user who was never provisioned to the network before. To provision the credentials start provisioning for this new service
Modified
Modified service user. The password of this service user has been modified after the latest provisioning operation. The passwords on the network elements and in the NEAC repository are different. Note: If the NE supports provisioning, the new password defined in the NEAC repository will only be activated after it has been successfully provisioned to the NE. The old password will still be used to connect to the NE as long as the provisioning status of the NE is modified or failed. To provision the new password to the network elements and activate it, start provisioning for this service user again.
Not Supported
*
Exercise 4
Network Elements Account Management
What is a Service User? What is the functionality of Service Users in NetAct and how do they interact with the Network Elements? What are the Service Types associated with these users?
What is the purpose of the NEAC application? Is this functionality available for all network elements in the Network?
Create a new Service User for the type of network elements and service that your trainer indicates. Write down the parameters required for the creation of this Service User.
Working with the group created in Exercise 2, grant this group the credentials created in the last step.
*