Manualshelf

Troubleshooting guide

ManualsBrandsAlcatel ManualsComputer equipmentSecurity Management Server (SMS) Release 9.4
21222324252627282930
2 — 5620 SAM user security tasks
Alcatel-Lucent 5620 Service Aware Manager 2-3
5620 SAM
System Administrator Guide
2.2 User account and group management
You can create 5620 SAM user accounts and user groups to:
provide GUI or OSS access to the 5620 SAM functional areas that match specific
operator requirements
restrict access to functions or objects based on operator expertise or authority
Users have view access, read-write access, or no access to 5620 SAM objects and
functions based on:
the user group to which they belong.
the scope of command profile assigned to the user group.
The 5620 SAM user account that is called admin is created during 5620 SAM
installation. The admin account is assigned the administrator scope of command role
and a span of control profile that has Edit Access assigned to each default span.
General 5620 SAM security management rules
The following general rules apply to 5620 SAM user and group security
management:
Only database space limits the number of accounts and groups that can be created.
A user cannot belong to more than one user group.
Only one session per user account can be open at the same time on a client station.
A scope of command profile allows user-group access to one or more 5620 SAM
functional areas.
A span of control profile allows user-group access to one or more 5620 SAM
managed objects.
A user group is associated with only one scope of command profile that can
contain multiple scope of command roles.
A user group is associated with only one span of control profile that can contain
multiple spans.
Caution — Because the 5620 SAM cannot obtain an authentication
secret value from an NE, Alcatel-Lucent recommends that you use
only the 5620 SAM to configure a shared authentication secret on an
NE. If you configure a shared authentication secret on a managed NE
using another interface, for example, a CLI, the 5620 SAM cannot
synchronize the security policy with the NE.
Note — To restrict user access to top-level 5620 SAM functions such
as 5620 SAM and NE security management, Alcatel-Lucent
recommends the following:
Assign the administrator scope of command role to a minimal
number of 5620 SAM user accounts.
Assign each 5620 SAM user to a user group that has the minimum
privileges for performing the required tasks.
Release 12.0 R6 | November 2014 | 3HE 08861 AAAF TQZZA Edition 01