You are on page 1of 32

iManager N2000 DMS Datacomm Network Management System Administrator Guide

Contents

Contents
3 DMS User Management ...........................................................................................................3-1
3.1 Basic Concepts ..............................................................................................................................................3-2 3.1.1 User......................................................................................................................................................3-2 3.1.2 User Group...........................................................................................................................................3-2 3.1.3 Operation Set .......................................................................................................................................3-3 3.1.4 ACL......................................................................................................................................................3-3 3.1.5 Managed Domain.................................................................................................................................3-3 3.1.6 Operation Rights ..................................................................................................................................3-3 3.1.7 Authority and Domain Based Management .........................................................................................3-4 3.1.8 User Right Allocation Policy ...............................................................................................................3-4 3.2 Creating User Flow Chart .............................................................................................................................3-5 3.3 Creating an Operation Set .............................................................................................................................3-6 3.4 Creating a User Group...................................................................................................................................3-8 3.5 Creating a User............................................................................................................................................3-13 3.5.1 Adding a User ....................................................................................................................................3-13 3.5.2 Adding Users to a User Group ...........................................................................................................3-16 3.5.3 Setting User ACL Rights....................................................................................................................3-17 3.5.4 Granting the Managed Domain to a User...........................................................................................3-19 3.5.5 Granting Operation Rights to a User..................................................................................................3-20 3.6 Forcing a User to Exit .................................................................................................................................3-21 3.7 Sending a Message to Selected Client.........................................................................................................3-22 3.8 Configuration Example for Authority and Domain Based Management.....................................................3-22 3.8.1 Application Scenario ..........................................................................................................................3-22 3.8.2 Configuration Roadmap.....................................................................................................................3-23 3.8.3 Configuration Guide ..........................................................................................................................3-24 3.8.4 Verifying the Configuration Example ................................................................................................3-29

Issue 02 (2007-10-15)

Huawei Technologies Proprietary

i

Figures

iManager N2000 DMS Datacomm Network Management System Administrator Guide

Figures
Figure 3-1 Complete flow chart of creating a user .............................................................................................3-6 Figure 3-2 New operation set .............................................................................................................................3-7 Figure 3-3 Adding operations.............................................................................................................................3-8 Figure 3-4 Creating a new user group ................................................................................................................3-9 Figure 3-5 Adding users ................................................................................................................................... 3-11 Figure 3-6 Setting the managed domain of the user group...............................................................................3-12 Figure 3-7 Adding rights ..................................................................................................................................3-13 Figure 3-8 New users .......................................................................................................................................3-14 Figure 3-9 Advanced information of the users .................................................................................................3-16 Figure 3-10 Adding user groups .......................................................................................................................3-17 Figure 3-11 Adding an ACL .............................................................................................................................3-18 Figure 3-12 Granting the managed domain to a user .......................................................................................3-20 Figure 3-13 Granting operation rights to a user................................................................................................3-21 Figure 3-14 Network planning diagram ...........................................................................................................3-23 Figure 3-15 Management range of the state or provincial user ........................................................................3-24 Figure 3-16 Operation flowchart ......................................................................................................................3-24 Figure 3-17 Setting managed domain for the core monitor group....................................................................3-25 Figure 3-18 Setting the managed domain for the user of User-1......................................................................3-26 Figure 3-19 Setting operation authorities for User Group-1.............................................................................3-27 Figure 3-20 Creating a user ..............................................................................................................................3-28 Figure 3-21 Topology view for the User-1 .......................................................................................................3-29

ii

Huawei Technologies Proprietary

Issue 02 (2007-10-15)

iManager N2000 DMS Datacomm Network Management System Administrator Guide

Tables

Tables
Table 3-1 Security attribute of a user..................................................................................................................3-4 Table 3-2 Parameter description in the new operation set dialog box ................................................................3-7 Table 3-3 Parameter description in the create new user group dialog box .......................................................3-10 Table 3-4 Parameter description of adding new users ......................................................................................3-14

Issue 02 (2007-10-15)

Huawei Technologies Proprietary

iii

8 Configuration Example for Authority and Domain Based Management Issue 02 (2007-10-15) Huawei Technologies Proprietary 3-1 . set rights of accessing the user address.iManager N2000 DMS Datacomm Network Management System Administrator Guide 3 DMS User Management 3 About This Chapter Section 3. This section describes how to create a user group. 3. This section describes how to create a user group.3 Creating an Operation Set 3.2 Creating User Flow Chart 3. and allocate the managed domain and operation rights to the user. allocate users to the user group. This section describes how to force a current user to exit.4 Creating a User Group 3. This section describes how to configure example for authority and domain based management. This section describes the operation flow chart of creating a user.1 Basic Concepts 3. This section describes how to send a message to the selected client. Description This section describes related concepts of DMS user management.6 Forcing a User to Exit 3.5 Creating a User DMS User Management The following table shows the contents of this chapter. This section describes how to create an operation set.7 Sending a Message to Selected Client 3.

the system forces you to change the password. admin The admin user has the highest authority to the DMS and can manage the DMS. the admin user and corba user. The cobra user is created only after you install the northbound interface components. the administrator does not need to change the rights of the corba user. corba The corba user is used to connect the third party software.1 User DMS users are divided into three kinds: the default admin user. When you log in to the DMS for the first time as admin. a DMS server allows only one admin user to log in. see 3.2 User Group The user group is group in the device and used to control the access of the user to the network. A DMS server allows two or more users to log inn at the same time. Operator group: Performs the query and configuration operations. By default. After clicking Login. For details. The DMS provides three default user groups as follows: Maintainer group: Performs the daily maintenance operations.1. Only the admin user can assign and modify the security operation rights. the default corba user. two default users. 3. The default password is corbaagent. and create and delete the security administrator. You do not need to grant rights to the admin user.5. 3-2 Huawei Technologies Proprietary Issue 02 (2007-10-15) . Change the password as soon as possible. and the other DMS users. Generally. After you install the DMS.3 DMS User Management iManager N2000 DMS Datacomm Network Management System Administrator Guide 3.1. The other DMS users are created by the admin user or the users who have the security management rights. By default. create and modify the security user group. A DMS server allows two or more corba users to log in at the same time. The corba user can complete the connection between the third party software and the DMS. You need to grant rights to the corba user.1 Basic Concepts 3. the user has no managed domains or operation rights. Modify the Access Control List (ACL) when the third party NMS is connected to the DMS.3 "Setting User ACL Rights. are created. the default password is N2000." Other DMS users The differences between users are described as follows: The admin user has all operation rights.

3 Operation Set An operation set is a group of operations. the user group has the management access to all devices in the sub-map.1. User ACL Select the IP addresses.5 Managed Domain The managed domain specifies the range of devices that a user can manage. modifying and deleting are not allowed. This ensures the security of the DMS. If a device is not in the managed domain of a user. It is a set of operations that are performed on the DMS by the corresponding users. 3. If a user group has the management access to a sub-map. Issue 02 (2007-10-15) Huawei Technologies Proprietary 3-3 . through which the user can log in to the DMS server. For the system default operation set. By the security control at two layers. 3. the embezzler cannot log in to the DMS server. which is used to log in to the DMS server. or the range of devices that a user group can manage.1. Even if the user account and password are embezzled at the same time. One operation may belong to multiple operation sets. the user has no rights to operate the device.1. The devices that a user has no management access are not displayed on the topology view. 3.iManager N2000 DMS Datacomm Network Management System Administrator Guide 3 DMS User Management Monitor group: Performs the query operation. the user cannot obtain the operation access. One operation set may contain multiple operations. This ACL is called the system ACL.4 ACL The Access Control List (ACL) is the security mechanism that allows users to log in to the DMS only from a certain IP address or network segment.1. The limit to the use of the managed domain is shown as follows: A new created user has no rights to manage any resources by default. you can effectively control the IP address. 3. The operation rights vary with the operation objects. from some ACL. to form the user ACL. Security control is achieved at two layers as follows: System ACL You can only select the IP address (IP address network segment). If a user has no management access to a device. The NMS predefines different operation sets to different operation types.6 Operation Rights Operation rights specify the operations that a user can perform. Common users cannot assign the managed domain to the admin user or to themselves. which the user can access.

the managed objects of the domain administrator can be controlled. the DMS does not limit the IP address of the client that the user logs in to. Then. You can manually unlock the account. you can control the time when the user logs in to the DMS server. which the user logs in to. The authority and domain based management encompasses two parts: authority management and domain management. or data into different domains. Through the authentication.1. a user account is valid only in a certain domains and cannot manage other domains. 3. Thus. configure the information of login time segment. and assign the management authorities to the domain administrator. services. Once the user binds the IP address. Authority Management Authority management is to classify authorities into different levels such as maintenance authority. Generally.3 DMS User Management iManager N2000 DMS Datacomm Network Management System Administrator Guide 3. Domain Management Domain management is to classify device nodes. Operation When creating a user account. Table 3-1 Security attribute of a user Right Login time segment Description According to the login time segment. Locked status Bound IP address 3-4 Huawei Technologies Proprietary Issue 02 (2007-10-15) . The locked user cannot log in to the DMS. When the user fails to login within the specified attempts (3 attempts by default). the IP address of the client. and monitoring authority. see Table 3-1. When the time for the locked status exceeds the set time (30 minutes by default). which allows different users to manage different objects. the account is locked.7 Authority and Domain Based Management The NMS provides authority and domain based management.8 User Right Allocation Policy The security attributes of a user include the login time segment. Change the IP address list bound to the user by modifying the attributes of the user account. departments from different domains and levels can manage the network coordinately. operation authority. locked status. the system automatically unlocks the account. For the description of attributes and related operations.1. and bound IP address. must be bound to the IP address list.

3.5 "Creating a User. you can set some accounts to be suspended. Figure 3-1 shows the complete flow chart of creating a user. you can enable a user to modify the password in a certain period of time. you can enable the account to be invalid after the account exceeds the expiring time. Set the password not to valid forever and set the expiring time of the password to enable the user to modify the password in the certain period of time. Set expiring days of an account when you set up a temporary account. a user group and a user. Operation Set the account to be valid forever when you set up a long-term account." if it is not necessary to set a special operation set and user group. Set the password to be valid forever. Issue 02 (2007-10-15) Huawei Technologies Proprietary 3-5 . Setting the expiry of the password. In the real operation. the system pre-sets many operation sets and user groups.iManager N2000 DMS Datacomm Network Management System Administrator Guide 3 DMS User Management Right Account expiring time Description Setting the expiring time of an account. Suspend account Password expiring time Set the account to be suspended. The user can use the current password. For maintenance. So the administrator only needs to perform the operations described in section 3.2 Creating User Flow Chart The complete flow chart of creating a user contains the operations of creating an operation set.

the user can divide the operation granularity according to different application needs. For the description of parameters. Step 3 The New Operation Set dialog box is displayed. Type and Subtype of the operation set. a user can define operation sets according to actual management needs. see Table 3-2. 3-6 Huawei Technologies Proprietary Issue 02 (2007-10-15) . Then the security management interface is displayed. choose System > Security Management.3 Creating an Operation Set Description Crating an operation set. as shown in Figure 3-2. Step 4 Configure the parameters Name. Precaution The user has the right to create an operation set. Step 2 On the Security Object navigation tree on the left. Right click and choose New Operation Set. Thus.3 DMS User Management iManager N2000 DMS Datacomm Network Management System Administrator Guide Figure 3-1 Complete flow chart of creating a user Start Create operation set Create a user group Create a user End 3. Procedure Step 1 In the NMS. In the NMS. choose the Operation Sets node. Description.

Setting It must be a string with 1 to 64 characters. Select the operations contained in the operation set. It cannot be null or be the same with that of an existing operation set. It refers to the security type in the NMS. The Add Operation dialog box is displayed. Click Add to add the operations in the selected box. It is selected from the drop-down list. Select the Operations tab in the working area on the right. It is a mandatory item. Subtype It refers to the subtypes of each security type. Step 7 Click Add. as shown in Figure 3-3. It must be a string with 0 to 64 characters. Step 5 Click OK and return to the security management interface. It is Fixed Network Device Management by default.iManager N2000 DMS Datacomm Network Management System Administrator Guide 3 DMS User Management Figure 3-2 New operation set Table 3-2 Parameter description in the new operation set dialog box Parameter Name Description It refers to the name of an operation set. It is selected from the drop-down list. Description Type You can enter other descriptions here. It is 3rd-Party Device by default. Step 6 On the navigation tree on the left. Issue 02 (2007-10-15) Huawei Technologies Proprietary 3-7 . click the new-created operation set.

Thus. Complete the creation of the operation set. In the NMS. ----End 3. choose the User Groups node. Then the security management interface is displayed. 3-8 Huawei Technologies Proprietary Issue 02 (2007-10-15) . Procedure Step 1 In the NMS. Step 2 On the Security Object navigation tree on the left. the rights can be fractionalized. choose System > Security Management. a user can define a user group according to actual application needs and allocate different rights to the user group.3 DMS User Management iManager N2000 DMS Datacomm Network Management System Administrator Guide Figure 3-3 Adding operations Step 8 Click OK and return to the security management interface. Precaution The user has the right to create a user group. Right click and choose the New User Group menu.4 Creating a User Group Description Create a new user group.

Configure the Name and Description of the user group. Select the value in Limit maximum number of sessions. . The Set User Group Administrator If it is needed to set the group administrator. For the description of parameters. as shown in Figure 3-4.iManager N2000 DMS Datacomm Network Management System Administrator Guide 3 DMS User Management Step 3 The Create New User Group dialog box is displayed. Figure 3-4 Creating a new user group Issue 02 (2007-10-15) Huawei Technologies Proprietary 3-9 . click dialog box is displayed. you need to configure the Maximum number of sessions. see Table 3-3. Click OK and return to the Create New User Group dialog box. Select the administrator. If Yes is selected.

Select the Members tab in the working area on the right. 4. Step 4 Click OK and return to the security management interface. as shown in Figure 3-5. 3. Select the user to be added to the group. By default. It cannot be null or be the same with that of an existing user group. You can select Yes or No. The administrator can add users. Value range: 0–5. By the button . Setting It must be a string with 1 to 20 characters. select a group administrator. Click Add. allocate the domain and operate the rights. Click OK and return to the security management interface. Step 5 This step is optional. you can configure this parameter. On the navigation tree on the left. you can add the created user to the user group. it is 5. Description Limit maximum number of sessions Maximum number of sessions Group Manager You can enter other descriptions here. It refers to the maximum number of sessions of the user group. 3-10 Huawei Technologies Proprietary Issue 02 (2007-10-15) . Click Add. it is No.3 DMS User Management iManager N2000 DMS Datacomm Network Management System Administrator Guide Table 3-3 Parameter description in the create new user group dialog box Parameter Name Description It refers to the name of a user group. By this step. 1. When the Limit maximum number of sessions is Yes. The Add Operation dialog box is displayed. click the new-created user group. 2. By default. It refers to whether the user group is limited by the maximum number of session. It must be a string with 0 to 48 characters. It is mandatory.

iManager N2000 DMS Datacomm Network Management System Administrator Guide 3 DMS User Management Figure 3-5 Adding users Step 6 On the navigation tree on the left. Click Apply. Select the Managed Domain tab in the working area on the right. click the new-created user group. and then corresponding sub-items. Step 7 Expand the Submap and the Resource Group. Issue 02 (2007-10-15) Huawei Technologies Proprietary 3-11 . as shown in Figure 3-6. you can configure the management domain of the device for the user group. Selecting the check box before the device in the AS domain.

3. The Add Right dialog box is displayed. Click Add. 2. Click Add.3 DMS User Management iManager N2000 DMS Datacomm Network Management System Administrator Guide Figure 3-6 Setting the managed domain of the user group Step 8 On the navigation tree on the left. as shown in Figure 3-7. 1. Operation Object and Operation. Click OK and return to the security management interface. click the new-created user group. Subtype. 3-12 Huawei Technologies Proprietary Issue 02 (2007-10-15) . Select the Operation Rights tab in the working area on the right. Choose Type.

Right click and choose New User. choose the Users node. Issue 02 (2007-10-15) Huawei Technologies Proprietary 3-13 . Procedure Step 1 In the NMS.5 Creating a User 3.iManager N2000 DMS Datacomm Network Management System Administrator Guide 3 DMS User Management Figure 3-7 Adding rights Step 9 In the navigation tree on the left. Precaution The user has the right to create a new user.5.1 Adding a User Description Create a new user. The user information of the user group is displayed. and then select the Current Session tab. Then the security management interface is displayed. ----End 3. choose System > Security Management. click the new user group. Step 2 On the Security Object navigation tree on the left.

The parameter cannot be null or cannot be the same with that of an existing user group. The length of the character string is from 8 to 16. It is the information that the maintenance personnel needs to describe. This parameter can be null. It is a string with characters less than 80. This parameter can be null. It cannot be the incremental. Full name Description Password 3-14 Huawei Technologies Proprietary Issue 02 (2007-10-15) . or interval sequence of figures and letters. descending. It shows the full name of the user. It must contain a figure and a letter. see Table 3-4.3 DMS User Management iManager N2000 DMS Datacomm Network Management System Administrator Guide Step 3 The New User dialog box is displayed. It is a string with characters less than 245. It is the password of the new-created user and is not null. as shown in Figure 3-8. For the description of parameters. but not an entire user name or an entire word. Figure 3-8 New users Table 3-4 Parameter description of adding new users Parameters Name Description The length of the character string is from 6 to 20.

the account of the user is locked. the amount is valid. It specifies the user groups managed by the user. It specifies the amount of the users who is online at the same time.. It can be Yes or No. online users Managed User Groups Step 4 Select the Advanced tab. Password always valid Password validity (days) Login duration Lock account on no login No login period(days) Must modify password Max. the user fails to log in. online users are restricted Max. Limit the time when the user logs in to the system. By default. Configure the advanced information of the user. to which the new user belongs. it is No. on the right to enter the time. After the new user is granted to the user group. When you choose Yes in the Max. It can be Yes or No. It is any time by default. This parameter must be the same with the password. By default.iManager N2000 DMS Datacomm Network Management System Administrator Guide 3 DMS User Management Parameters Confirm password Suspend account Account always valid Account validity(days) Description Confirm the password. online users are restricted. it is 30 days by default. It is 30 by default. the amount of the online users is limited by the Max. There are two modes of granting rights. the user has the management and operation rights of the user group. Choose the user group by clicking . When the user logs in. Issue 02 (2007-10-15) Huawei Technologies Proprietary 3-15 . as shown in Figure 3-9. You can also use the default value 180. If the amount of users reaches the maximum value. If you choose Max. Click . If you select Yes in the Password validity check box. it is No. the system automatically judges whether the amount of the users reaches the maximum value according to the DMS license. When Lock account on no login is Yes. It can be Yes or No. the user must modify the login password when logging in to the system first time. If the user does not log in to the system in the specified period of login. Add the time when the Login time dialog box appears. If you choose No in the Account validity check box. you can enter the validity days in the box. The value range is from 1 to 255. "belong to" and "copy the user rights ". It is 90 days by default. online users. no limit is on the days. it is No. online users are restricted. The rights are granted to the user in the advanced information.. you can input the validity days in the box. If you choose No in the Password validity check box. Belong to Select the user group. Specifies the maximum days of the interval of user login. If choosing Must modify password. By default.

you can directly grant the managed domain and operation rights to the user. And then the new user has the management and operation rights of the user whose rights are copied to the new user. 3-16 Huawei Technologies Proprietary Issue 02 (2007-10-15) . After a user is added to the user group. Precaution If you do not allocate the user to the user group. ----End 3.2 Adding Users to a User Group Description Add users to the user group.5. Figure 3-9 Advanced information of the users Step 5 Click OK.3 DMS User Management iManager N2000 DMS Datacomm Network Management System Administrator Guide Copy the user rights Copy the user rights to the new user. the user has the managed domain and operation rights of the user group.

Figure 3-10 Adding user groups ----End 3. Issue 02 (2007-10-15) Huawei Technologies Proprietary 3-17 . click the new-created user. the user has the rights of the user group.3 Setting User ACL Rights Description Configure the clients that can log in to the DMS server. managed domain and operation rights to the user.iManager N2000 DMS Datacomm Network Management System Administrator Guide 3 DMS User Management If you grant the user group. Step 3 Select the user group that the user belongs to. you can log in from any client in the ACL. Complete the operations on the user group that the user belongs to.5. Procedure Step 1 On the navigation tree on the left. The Add User Group dialog box is displayed. Precaution If you do not select the Enable user ACL check box. Step 4 Click OK. Step 2 Click Add. managed domain and operations. Select the Groups tab in the working area on the right. as shown in Figure 3-10. Click Add.

Select the Access Allowed check box. the legal user can log in to the server from the client whose IP address ranges from 10. Click OK. The Add dialog box is displayed.254.1 to 10. The IP address of the network segment is shown in the form of IP network segment address/mask. such as 10. click the new-created user group. Step 2 Click Set ACL. ----End 3-18 Huawei Technologies Proprietary Issue 02 (2007-10-15) . as shown in Figure 3-11. Click Close. select the Enable user ACL check box. Set that the user can only access from the selected IP address or network segment.60. Figure 3-11 Adding an ACL Step 5 Return to the Set ACL dialog box. Step 7 Click Apply.71.3 DMS User Management iManager N2000 DMS Datacomm Network Management System Administrator Guide If you select the Enable user ACL check box.71. That is. Step 4 Enter the IP address of the user or the network segment that the user belongs to. Procedure Step 1 On the navigation tree on the left.60.60. Step 3 Click Add. Step 6 In the ACL Setting tab.0/24.71. Select the ACL Setting tab in the working area on the right. you can log in only from the selected client. The Set ACL dialog box is displayed.

The managed domain of the user can be adjusted based on the rights of the user group. Step 2 On the Users node of the Security Object navigation tree. Step 3 Select the Managed Domain tab in the information area displayed on the right of the window. as shown in Figure 3-12. If the user does not belong to the default maintenance group.4 Granting the Managed Domain to a User Description Grant the managed domain to a user. the granted rights cannot exceed the managed domain of the current user. If the user belongs to the default maintenance group.iManager N2000 DMS Datacomm Network Management System Administrator Guide 3 DMS User Management 3. Procedure Step 1 Choose System > Security Management. click the user to be configured.5. Step 4 Choose the devices that can be managed by the user. you can adjust and then clarify the resource that can be managed by the user. Precaution During the procedure of granting the managed domain to the user. Issue 02 (2007-10-15) Huawei Technologies Proprietary 3-19 . the user has the managed domain of all devices in the submap that can be managed by the user group.

5 Granting Operation Rights to a User Description Grant operation rights to a user. Step 3 Choose the Operation Rights tab in the information area displayed on the right of the window. ----End 3. Step 2 On the Users node of the Security Object navigation tree. Step 5 In the opened Add Right dialog box. Step 4 Click Add. Click Add. Select the operation name. select Type and Subtype. 3-20 Huawei Technologies Proprietary Issue 02 (2007-10-15) .3 DMS User Management iManager N2000 DMS Datacomm Network Management System Administrator Guide Figure 3-12 Granting the managed domain to a user Step 5 Click Apply to grant the managed domain to the user. as shown in Figure 3-13. Procedure Step 1 Choose System > Security Management.5. click the user to whom the operation rights are granted. Add the name to the operation domain box.

Step 2 On the Security Object navigation tree. who has the right of forcing other users to exit. Precaution Only the user. Issue 02 (2007-10-15) Huawei Technologies Proprietary 3-21 . Procedure Step 1 Choose System > Security Management.6 Forcing a User to Exit Description Force the user who logs in to the DMS to exit. The information of the user who logs in is displayed in the window on the right. choose Login User Information. can perform the operation. In the short-cut menu that is displayed. Step 3 Right click the page. choose the Users node. The admin user can force other users to exit and other users cannot force the admin user to exit. ----End 3.iManager N2000 DMS Datacomm Network Management System Administrator Guide 3 DMS User Management Figure 3-13 Granting operation rights to a user Step 6 Click OK to add specified operation rights to the user.

choose Login User Information. 3-22 Huawei Technologies Proprietary Issue 02 (2007-10-15) .7 Sending a Message to Selected Client Description Send a message to the specified client or all other clients to enable the users who are in different places to exchange the maintenance information in real time. You can send the same message to all other clients. Choose Send Message to Selected Client.8. right click to choose Send Message to All Other Clients. Right click the page. In the current user. ----End 3. Procedure Step 1 Choose System > Security Management. enter the contents of the message. Step 4 Perform the following the two operations: Select the user who receives the message. Step 5 In the confirmation dialog box. In the short-cut menu that is displayed. click OK. you can send a message to the selected client. Click Send. Step 3 Right click the page.3 DMS User Management iManager N2000 DMS Datacomm Network Management System Administrator Guide Step 4 Choose the user who is going to exit forcibly. Right click the page. ----End 3. State or provincial users can do the following: Manage all Access Router (AR) devices inside the state or province Monitor directly-associated BR devices State or provincial users cannot manage CR devices. Step 2 On the Security Object navigation tree. The information of the user who logs in is displayed in the window on the right. which is displayed.1 Application Scenario Corporate users can manage specified Core Router (CR) and Border Router (BR) devices. Choose Force to Exit in the short-cut menu that is displayed. choose the Users node.8 Configuration Example for Authority and Domain Based Management 3. Step 5 In the Send Message to Selected Client or Send Message to All Other Clients dialog box that appears.

Manages all AR devices in the state or province. as shown in Figure 3-14. Classifying Submap Classify submaps according to states or provinces.8.2 Configuration Roadmap Figure 3-14 Network planning diagram User Group-1 and User Group-2 are user groups for a state or province. and has operation authorities. Configuration operations to AR devices in the state or province are allowed. Classifying User Authorities Create a state or provincial user for each state or province. but cannot perform configuration operations. Monitors directly-associated BR devices. Classifying User Groups Core monitor group Manages and monitors specified CR and BR devices. Figure 3-15 shows the management range of the state or provincial user. and a state or province corresponds to a submap. Issue 02 (2007-10-15) Huawei Technologies Proprietary 3-23 .iManager N2000 DMS Datacomm Network Management System Administrator Guide 3 DMS User Management 3. The user features the following: Belongs to the state or provincial user group and core monitor group. A submap contains only AR devices inside the state or province. State or provincial user group Manages AR devices in the state or province only. BR and CR devices locate in the physical view and are not classified.

3 Configuration Guide Here takes configuring the User-1 user as an example. The configuration of the User-2 user is the same. Figure 3-16 shows the operation flowchart.8.3 DMS User Management iManager N2000 DMS Datacomm Network Management System Administrator Guide Figure 3-15 Management range of the state or provincial user 3. Figure 3-16 Operation flowchart Start Create an operation set Create the core monitor group Create the user group-1 Create the user-1 End 3-24 Huawei Technologies Proprietary Issue 02 (2007-10-15) .

1. 1. 2. and maintainers. 3. but do not select User Group-1(AR) and User Group-2(AR). Expand Submap > Physical Map. and enter description information. 2. Click Apply. The Create New User Group dialog box is displayed. click Core Monitor Group. and select New User Group. In navigation tree on the left. Right-click it. 1.iManager N2000 DMS Datacomm Network Management System Administrator Guide 3 DMS User Management Creating an Operation Set In the system. ----End Creating the User Group-1 Step 1 Create the User Group-1. Issue 02 (2007-10-15) Huawei Technologies Proprietary 3-25 . and select the Managed Domain tab in the working area on the right. For details. The Core Monitor Group can monitor all BR and CR devices. In Security Object navigation tree on the left. as shown in Figure 3-17. In Security Object navigation tree on the left. watchers. and select New User Group. Enter Core Monitor Group as the user group name. 3. Enter User Group-1 as the user group name. Figure 3-17 Setting managed domain for the core monitor group 3. A user can also customize an operation set. there are many types of preset operation sets for operators. select the User Groups node. and enter description information." Creating the Core Monitor Group Step 1 Create the Core Monitor Group. see section 3. The Create New User Group dialog box is displayed. Click OK.3 "Creating an Operation Set. 2. Right-click it. select Physical Map. Step 2 Set Managed Domain for Core Monitor Group. Click OK. select the User Groups node.

The Add Right dialog box is displayed. as shown in Figure 3-18. Select the Operation Rights tab in the working area on the right. 1. Click Apply. Step 3 Set Operation Rights for User Group-1. Click Add. Expand Submap > Physical Map. 3. and add related operator operation sets to the operation authority list. Select Network Management Application for Type. select values for Subtype in turn. 1.3 DMS User Management iManager N2000 DMS Datacomm Network Management System Administrator Guide Step 2 Set Managed Domain for User Group-1. click User Group-1. and add related operator operation sets to operation authority list. 2. 2. select User Group-1(AR). Select Fixed Network Device Management for Type. as shown in Figure 3-19. select values for Subtype in turn. In navigation tree on the left. Figure 3-18 Setting the managed domain for the user of User-1 3. 3-26 Huawei Technologies Proprietary Issue 02 (2007-10-15) . and select the Managed Domain tab in the working area on the right.

Right-click it. ----End Creating the User-1 Step 1 Create a user for User Group-1 1. Issue 02 (2007-10-15) Huawei Technologies Proprietary 3-27 . as shown in Figure 3-20. select the Users node. 2.iManager N2000 DMS Datacomm Network Management System Administrator Guide 3 DMS User Management Figure 3-19 Setting operation authorities for User Group-1 4. and select New User. Click OK. Set general information. In Security Object navigation tree on the left.

Select all devices in User Group-1 and all directly-associated BR devices. Step 3 Set the ACL authority for the user. Click OK. Click User-1. 1. 1. Select the Operation Rights tab in the working area on the right. The Add User Group dialog box is displayed. 2. 3-28 Huawei Technologies Proprietary Issue 02 (2007-10-15) . and select the Groups tab in the working area on the right. see 3. Click Add. and set ACL for Area-1 User. and click Apply.3 DMS User Management iManager N2000 DMS Datacomm Network Management System Administrator Guide Figure 3-20 Creating a user 3. 2.3 "Setting User ACL Rights. Step 2 Set the user group that the User-1 belongs to. 3. For details. Select the Managed Domain tab. 1. Select User Group-1 and Core Monitor Group. 4. Click OK.5." Step 4 Set the managed domain for User-1. Select the ACL Setting tab in the working area on the right. and click Add. Click Add. and expand Submap > Physical Map. Step 5 Set operation rights for User-1.

Select Fixed Network Device Management for Type. and then select NE40E-1(BR) in the Operation Object area. 3. Figure 3-21 show the topology view. 4. and click Add. Select NE40E Monitor Operation Set. The User-1 has operations authorities to all devices in the state or province. 2. Figure 3-21 Topology view for the User-1 Step 2 Verify the operation authorities of the User-1 to AR and BR devices. Click OK. ----End 3. ----End Issue 02 (2007-10-15) Huawei Technologies Proprietary 3-29 .iManager N2000 DMS Datacomm Network Management System Administrator Guide 3 DMS User Management The Add Right dialog box is displayed. select NE40E for Subtype. but can only monitor directly-associated BR device NE40E-1.4 Verifying the Configuration Example Step 1 Log in to the NMS client as the User-1.8.