Nokia IPSO 4.0 User Manual

Nokia Network Voyager for IPSO 4.0 Reference Guide
• Control who can log in through SSH.
For most other functions that are generally associated with groups, use the role-based 
administration feature, described in 
To add or edit a group
1. Click Groups under Configuration > Security and Access Configuration in the tree view.
2. Under Add Group Name, enter the name (eight or fewer characters) of the new group and a 
group ID number.
The group ID must be unique. Suggested values are between 101 and 65000. Range: 0-65535.
Nokia recommends that you reserve 0 to 100 for system use, although this is not 
enforced. Numbers 0 and 10 are reserved for the predefined Wheel and Other groups 
respectively. GIDs 65533 & 65534 are also reserved.
3. Click Apply.
The new group information appears on the page.
4. To add a new member to a group, enter the user name in the Add new member text box and 
click Apply.
5. To delete a member from the group, select the user name from the Delete member text box 
and click Apply.
6. Click Save to make your changes permanent.
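The name and group ID limits in step 2 can be checked against a planned list of groups before the entries are typed into Network Voyager. The following is an added example, not part of the Nokia manual or of IPSO; the function name check_groups, the existing_gids parameter and the sample group names are assumptions made for illustration.

```python
# Added example: pre-flight check of planned group entries against the
# limits stated in step 2 above. All names and sample data are constructed.
RESERVED_GIDS = {0: "Wheel", 10: "Other", 65533: "reserved", 65534: "reserved"}
GID_MIN, GID_MAX = 0, 65535
SUGGESTED = range(101, 65001)   # suggested values: 101 to 65000 inclusive
MAX_NAME_LEN = 8                # "eight or fewer characters"


def check_groups(planned, existing_gids=()):
    """Return a list of (severity, group_name, message) findings.

    planned:       iterable of (name, gid) tuples to be added.
    existing_gids: GIDs already configured on the system (hypothetical input).
    """
    findings = []
    seen = {gid: "<existing>" for gid in existing_gids}
    for name, gid in planned:
        if len(name) > MAX_NAME_LEN:
            findings.append(("error", name, "name is longer than 8 characters"))
        valid_int = isinstance(gid, int) and not isinstance(gid, bool)
        if not valid_int or not GID_MIN <= gid <= GID_MAX:
            findings.append(("error", name, f"GID {gid!r} is outside 0-65535"))
            continue
        if gid in RESERVED_GIDS:
            findings.append(("error", name, f"GID {gid} is reserved ({RESERVED_GIDS[gid]})"))
        elif gid <= 100:
            # Not enforced by the system, so reported as a warning only.
            findings.append(("warn", name, f"GID {gid} is in 0-100 (system use)"))
        elif gid not in SUGGESTED:
            findings.append(("warn", name, f"GID {gid} is outside suggested 101-65000"))
        if gid in seen:
            findings.append(("error", name, f"GID {gid} already used by {seen[gid]}"))
        else:
            seen[gid] = name
    return findings


if __name__ == "__main__":
    # Constructed sample plan: two valid entries followed by one of each problem.
    plan = [("netops", 101), ("auditors", 102), ("sshadmins1", 103),
            ("backup", 10), ("tools", 50), ("temp", 65001),
            ("dup", 101), ("big", 70000)]
    for severity, name, message in check_groups(plan):
        print(f"{severity:5} {name:10} {message}")
```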
Role-Based Administration
When you add a new user, the user is given read-only privileges to the Nokia Network Voyager 
home page and CLI prompt but cannot access other Network Voyager pages or execute 
commands from the CLI prompt. You must assign roles to the user to provide additional access 
privileges.
Role-based administration (RBA) allows IPSO administrators to create and use separate roles. 
With RBA, an administrator can allow users to access specific features by including the features 
in a role and assigning the role to users. Each role can include a combination of administrative 
(read/write) access to some features, monitoring (read-only) access to other features, and no 
access to still other features. This feature also provides improved auditing capabilities.
To assign a set of access permissions to a user, create a role that specifies levels of access to 
features you want to include, then assign this role to the relevant user. You can also specify 
which access mechanisms (Network Voyager or the CLI) are available to the user when you 
assign a role to the user. 
If your system is part of a cluster, you can create and assign roles that provide access to the entire 
cluster for the associated features. See 
 for detailed 
information about this type of user.