Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Version: 12.10.040
ZTE CORPORATION
NO. 55, Hi-tech Road South, ShenZhen, P.R.China
Postcode: 518057
Tel: +86-755-26771900
Fax: +86-755-26770801
URL: http://ensupport.zte.com.cn
E-mail: support@zte.com.cn
LEGAL INFORMATION
Copyright © 2011 ZTE CORPORATION.
The contents of this document are protected by copyright laws and international treaties. Any reproduction or
distribution of this document or any portion of this document, in any form by any means, without the prior written
consent of ZTE CORPORATION is prohibited. Additionally, the contents of this document are protected by
contractual confidentiality obligations.
All company, brand and product names are trade or service marks, or registered trade or service marks, of ZTE
CORPORATION or of their respective owners.
This document is provided “as is”, and all express, implied, or statutory warranties, representations or conditions
are disclaimed, including without limitation any implied warranty of merchantability, fitness for a particular purpose,
title or non-infringement. ZTE CORPORATION and its licensors shall not be liable for damages resulting from the
use of or reliance on the information contained herein.
ZTE CORPORATION or its licensors may have current or pending intellectual property rights or applications
covering the subject matter of this document. Except as expressly provided in any written license between ZTE
CORPORATION and its licensee, the user of this document shall not acquire any license to the subject matter
herein.
ZTE CORPORATION reserves the right to upgrade or make technical change to this product without further notice.
Users may visit ZTE technical support website http://ensupport.zte.com.cn to inquire related information.
The ultimate right to interpret this product resides in ZTE CORPORATION.
Revision History
I
5.1 Introduction to Role Set Management .................................................................. 5-1
5.2 Creating a Role Set ............................................................................................ 5-1
5.3 Modifying a Customised Role Set ........................................................................ 5-3
5.4 Duplicating a Role Set ........................................................................................ 5-4
5.5 Deleting a Role Set ............................................................................................ 5-5
5.6 Viewing the Users Assigned with a Selected Role Set .......................................... 5-6
5.7 Locking a Role Set ............................................................................................. 5-6
Figures............................................................................................................. I
Tables ............................................................................................................ III
Glossary .........................................................................................................V
II
About This Manual
The NetNumenTM U31 R18 Unified Element Management System (NetNumen U31 or
EMS) is a special network element management system that manages network elements
in radio access systems. By using NetNumen U31, users can configure and maintain
individual network elements, and manage radio access networks in a unified manner.
NetNumen U31 provides the following management functions:
l Configuration management
l Fault management
l Performance management
l Topology management
l Security management
As an object-oriented system designed on the JAVA 2 platform Enterprise Edition (J2EE),
NetNumen U31 provides unified standard interfaces to external devices.
Purpose
This guide describes the security management operations in the NetNumen U31 system.
Intended Audience
l Maintenance engineers
l Debugging engineers
Chapter Summary
I
Chapter Summary
II
Chapter 1
Overview
Table of Contents
Introduction to Security Management Functions .........................................................1-1
Basic Concepts of Security Management ...................................................................1-1
Relation Model ...........................................................................................................1-2
Security Management Solution...................................................................................1-4
Authentication and Access Control .............................................................................1-5
Authentication Modes.................................................................................................1-6
Auditing ......................................................................................................................1-6
Centralized Security Management..............................................................................1-6
Implicit Prerequisites ..................................................................................................1-7
l Role
A role specifies the management permission for a user group, including the operation
permission and managed resources.
1-1
à The operation permission allows the user group to use specific functional
modules of the EMS. For example, if a role has the operation permission of
the log management module, the users assigned with the role can perform log
management operations, such as querying logs and maintaining logs.
à The managed resources refer to the subnetworks and/or the network elements
that can be managed by the role.
In application, the operation permission and managed resources combine to decide
the actual authorities of a role. For example, if a role is assigned a base station as
one managed resource, and topology management as the operation permission, the
actual permission of the role is to perform topology management on the base station.
l Role Set
A role set is a collection of roles. The permissions of a role set involves those of all
roles in the role set.
l Operation Set
An operation set is a collection of operations. If an operation set is assigned to a
role, this role has the permission of all operations specified in the operation set on the
resource.
l Department
Departments are specified in the EMS to simulate the actual administrative
departments. In this way, the system administrator can easily manage users in the
EMS. A newly-created user must belong to a department.
Note:
By default, a newly created user belongs to the root department of the system unless
otherwise specified.
l User
A user is an operator authorised to log in to the system and perform certain
operations in the system. When creating a user, the system administrator assigns
the management permission to the user by specifying one or more roles or role sets
(The actual permission of a user is the combination of the authorities of all roles or
role sets assigned to the user). The administrator can also allocate the user to a
department based on actual requirements.
1-2
In the NetNumen U31 system, the roles include default roles and custom roles.
Default roles include:
l Administrator Role
l Maintenance Role
l Operator Role
l Supervisor Role
Custom roles have user-defined permissions, which depend on the managed resources
and related operation rights. The NetNumen U31 system supports adding, deleting, and
modifying custom roles.
By customizing roles and assigning role(s) to users, you can allocate users different
permissions. The users can perform authorized actions in the system according to their
permissions.
The relations among user, role, role set, department, operation permission, and managed
resources are illustrated in Figure 1-1.
l A user must belong to a department. A department can include one or more users.
l A user must be assigned with at least one role. A role can be assigned to any number
of users.
l A user can be assigned with one or more role sets. A role set can be assigned to any
number of users.
l The permissions of the role(s) or role set(s) assigned to the user decide the user’s
actual permission.
1-3
l A role set must include at least one role. A role can be assigned to any number of
role sets.
l The permissions assigned to the managed resources of a role decide the actual op-
eration permission of the role.
Suppose a telecom operator in a province plans to use the NetNumen U31 system to
manage all Base Station Controllers (BSCs) and Base Transceiver Stations (BTSs) in the
province. Several branch offices are distributed in the province. Each office only manages
the devices in the area administrated by it. Table 1-1 provides a security management
solution for the telecom operator in a province, which specifies the departments, role sets,
roles, operation sets, users, and their relations.
1-4
1-5
The authentication mechanism in the NetNumen U31 system ensures that the user can
perform authorized operations and forbids unauthorized operations. In this way, the
authentication mechanism protects the key system functions and ensures the security of
sensitive data.
1.7 Auditing
NetNumen U31 supports log management. The logs include system logs, security logs,
and operation logs.
Operation log is the records of operations and events generated by the user interface.
Security log is the records of security events such as a user's accessing of the system.
System Log is the records of events generated by the system, such as time task, data
processing.
Log management includes tracing all operations performed by each user. Log
management provides a convenient and friendly user interface for log query. Custom
query of log data (fuzzy match or exact match) can be performed according to user name,
event and operation information.
1-6
Note:
For the client/server architecture, refer to NetNumen U31 Mobile Network Element
Management System System Description.
1-7
1-8
Steps
1. On the menu bar of the client window, click Security > customise User Account Rule
to open the customise User Account Rule dialogue box, as shown in Figure 2-1.
2-1
2. Set parameters to customize user account rule according to the actual requirements,
based on description in Table 2-1.
2-2
2-3
2-4
Note:
A locked (permanently or temporarily) user can only be unlocked by the administrator
user (Admin). For a temporarily locked user, the account can be unlocked after the
specified duration.
– End of Steps –
2-5
2-6
3-1
Note:
The following five default operation sets cannot be modified or deleted.
l Administrator Right
l System Maintenance Right
l Operation Right
l View Right
l No Right
l Operator View Right
The Operator View Right is only available when the Radio Access Network (RAN) network
sharing function is enabled.
Steps
1. On the menu bar of the client window, click Security > Role Management to open the
Role Management view.
2. On the Role Management pane, click any node under Role to display the information
of the selected role in the right pane.
3-2
4. Under General Information, type the name and description of the new operation set
in the Operation Set Name and Operation Set Description boxes.
5. On the Operation Tree, select the operations you want to add to the operation set.
Note:
The name of the new operation set cannot be the same as any existing one.
6. Click OK.
– End of Steps –
Result
The created operation set appears in the operation set list under Access Rights.
Steps
1. On the menu bar of the client window, click Security > Role Management to open the
Role Management view.
3-3
2. In the Role Management pane, click any node under Role to display the information
of the selected role in the right pane.
3. Under Access Rights in the right pane, right-click the operation set to be viewed in
the operation set list, and then click Browse Operation Set on the shortcut menu.
4. View the information of the operation set in the pop-up Browse Operation Set
dialogue box, such as its name, description, and assigned operations.
5. Click OK to finish.
– End of Steps –
Steps
1. On the menu bar of the client window, click Security > Role Management to open the
Role Management view.
2. In the Role Management pane, click any node under Role to display the information
of the selected role on the right pane.
3. Under Access Rights in the right pane, right-click the operation set to be modified in
the operation set list, and then click Modify Operation Set.
4. In the pop-up Modify Operation Set dialogue box, modify parameters as needed.
b. On the Operation Tree, select the operations you want to add to the operation set
and/or clear the operations you want to remove from the operation set.
5. Click OK to save the modification and close the Modify Operation Set dialogue box.
– End of Steps –
Result
After successful modification of the operation set, all roles assigned with this operation set
change accordingly. If a login user has been assigned with such role, the system will force
the user to log out.
3-4
To create a new operation set by duplicating an existing operation set, do the following:
Steps
1. On the menu bar of the client window, click Security > Role Management to open the
Role Management view.
2. In the Role Management pane, click any node under Role. The information of the
selected role appears in the right pane.
3. In the Access Rights area in the right pane, right-click the operation set to be
duplicated in the Operation Set list, and then click Duplicate Operation Set.
4. In the pop-up Duplicate Operation Set dialogue box, type the name and description
of the duplicated operation set, and modify the selection of operations as needed.
Note:
You can leave the description and operation selection unchanged when it is necessary.
5. Click OK.
– End of Steps –
Result
A new operation set appears in the operation set list. If you has not modified the description
and permitted operations while duplicating the existing operation set, the newly-created
operation set with a different name has the same description and permitted operations as
those of the duplicated one.
3-5
Steps
1. On the menu bar of the client window, click Security > Role Management to open the
Role Management view.
2. In the Role Management pane, click any node under Role to display the information
of the selected role in the right pane.
3. Under Access Rights in the right pane, right-click the operation set to be deleted in
the operation set list, and then click Delete Operation Set.
4. In the pop-up Confirm dialogue box, click Yes to delete the selected operation set.
– End of Steps –
Result
The deleted operation set disappears from the operation set list. If a role has been
assigned with this operation set, “NO Right” is assigned to the role by default after the
deletion of the original operation set. And the login users assigned with this role are
forced to log out and log in for another time.
Steps
1. On the menu bar of the client window, click Security > Role Management to open the
Role Management view.
2. On the tree of the Role Management pane, click any node under Role to display the
information of the selected role on the right pane.
3. Under Access Rights in the right pane, click
and click View All Operations from
the drop-down menu, or right-click any operation set in the operation set list, and
then click View All Operations to open the View All Operations dialogue box.
4. Expand the Operation Tree and click the operation you want to view on the tree. The
description of the selected operation is displayed on the right pane, as shown in Figure
3-2.
3-6
– End of Steps –
Steps
1. On the menu bar of the client window, click Security > Role Management to open the
Role Management view.
2. On the tree of the Role Management pane, click any node under Role to display the
information of the selected role in the right pane.
4. Set the file name and path in the pop-up Save dialogue box, and click Save.
3-7
Result
The XLS file containing the information of all operation sets appears under the selected
directory.
Context
You can edit the information of one or more customised operation set(s) saved in an XLS
file exported earlier from another client, and then import the file into the current client to
add one or more operation sets.
Caution!
Be sure that the content format of the file to be imported is the same as the that of the
exported XLS file that is generated by the function “Export all customised operation sets”.
Refer to the section Exporting All Customised Operations Sets”. And the operation set
name in the file must be different from any existing operation set in the system.
Steps
1. On the menu bar of the client window, click Security > Role Management to open the
Role Management view.
2. In the Role Management pane, click any node under Role to display the information
of the selected role in the right pane.
3. Under Access Rights in the right pane, click
, and select Import Operation Set
from the drop-down menu, or right-click any operation set in the operation set list,
and then click Import Operation Set to open the Open dialogue box.
4. Select the file to be imported in the list box and click Open.
3-8
Result
The imported operation set appears in the operation set list.
3-9
3-10
The role management is the basis of role set management and user management. Roles
are members of a role set. A user must be assigned with a role or a role set for performing
related operations in the system. A user without a role or role set can log in to the system,
but has no operation permissions.
NetNumen U31 supports the following role management functions:
l Creating a Role: set the name, description, locking status, operation permission and
operation set to create a new role.
l Modifying a Role: modify the description, locking status, operation permission and
operation set of an existing role.
l Duplicating a Role: duplicate an existing role and create a new role based on the
information of the duplicated role.
l Deleting a Role: delete a useless role.
l Locking a Role: lock a role to disable the operation permission assigned to the role.
Note:
4-1
Steps
1. On the menu bar of the client window, click Security > Role Management to open the
Role Management view.
2. Right-click any node under Role on the tree of the Role Management pane, and click
Create Role to display role-creating parameters in the right pane, as shown in Figure
4-1.
3. Under Basic Information in the right pane, set role name and description.
Table 4-1 explains the basic parameters of a role.
4-2
4. Under Access Rights in the right pane, click a resource node on the Resource Tree
and then select an operation set from the option buttons on the right of the Resource
Tree.
Tip:
To select multiple resource nodes at a time, press and hold CTRL and then click the
resource nodes one by one. Or, to select continuous nodes on the tree, you can press
and hold SHIFT, while click the first and the last nodes.
Parameter Description
The resource tree lists the resources in the network. You can select
the resources to be managed by the role.
To set a resource node (sub-node) with the same permission with its
parent node, right-click the sub-node, and click Follow Parent Node’s
Resource Tree
Right.
To set the sub-nodes permission with the same permission of a parent
node, right-click the parent node, and click Synchronize Rights of
Sub-nodes.
4-3
Parameter Description
The system provides the following five operation sets by default. You
can also customise other operation sets as needed.
l Administrator Right (Unavailable)
l System Maintenance Right
l Operation Right
l View Right
Operation Set
l No Right
l Operator View Right (available when the network sharing function
is enabled)
To view the details of an operation set, double-click the operation set
to open the Operation Set Configuration dialogue box, where you
can view specific authorities assigned.
5. To know the meaning of different resource icons, click Legend at the bottom right. The
Role Right Icon Description dialog box appears, as shown in Figure 4-2.
The resource icons of different permissions are described in the dialog box.
6. Click OK.
– End of Steps –
Result
The newly-created role appears under Role in the Role Management pane.
4-4
Steps
1. On the menu bar of the client window, click Security > Role Management to open the
Role Management view.
2. Do one of the following to display the modifiable parameters of the role on the right
pane.
l Right-click a customised role under Role in the Role Management pane, and
click Modify Role on the shortcut menu.
l Click a role node under Role in the Role Management pane, and then click
Modify on the right pane.
3. Under Basic Information, modify the role description and change the locking status
of the role as needed.
4. Under Access Rights, modify the operation set of a resource.
a. Click the resource node on the Resource Tree.
Note:
For description of the role parameters, refer to the section “Creating a Role”.
5. Click OK to finish.
– End of Steps –
Result
If a user assigned with the role to be modified has already logged in to the system, the
system will force the user to log out after the operation permission of the role is successfully
modified. The operation permission of this user changes correspondingly after another
login.
4-5
Steps
1. On the menu bar of the client window, click Security > Role Management to open the
Role Management view.
2. Under Role in the Role Management pane, right-click the role to be duplicated under
Role, and then click Duplicate Role.
3. Modify parameters on the right pane as needed.
Note:
l For the description of the role parameters, refer to the section “Creating a Role”.
l The default AdministratorRole cannot be duplicated.
4. Click OK.
– End of Steps –
Result
A new role appears under Role on the Role Management navigation tree. If you has not
modified the other properties while duplicating the existing role, the newly-created role with
a different name has the same operation permission as that of the duplicated one.
Steps
1. On the menu bar of the client window, click Security > Role Management to open the
Role Management view.
2. Under Role in the Role Management pane, right-click the role to be deleted under
Role, and then click Delete Role.
4-6
3. In the pop-up Delete Role dialogue box, click Yes to delete the role.
Note:
Users assigned with the role to be deleted are listed in the Delete Role dialogue box.
l If the deleted role has been assigned to a user and this user has only been
assigned with this role, the user is also deleted.
l If the deleted role has been assigned to a user and this user has been assigned
with other roles besides this role, the operation permissions of this user change
correspondingly after the deletion of this role. And if the user has logged in to the
system, the user will be forced to log out after this role is deleted.
– End of Steps –
Result
The deleted role disappears from the Role Management pane.
Steps
1. On the main menu, select Security > Role Management to open the Role
Management view.
2. Under Role on the tree of the Role Management pane, right-click the role you want
to view, and click View Assigned Users,
3. An Assigned Users dialogue box pops up, where you can view the users assigned
with that role.
4. Click OK to finish.
– End of Steps –
4-7
Context
The role-locking function only supports customised roles. If you need to lock a customised
role, do the following:
Steps
1. On the menu bar of the client window, click Security > Role Management to open the
Role Management view.
2. Do one of the following to display the role-modifying parameters in the right pane.
l Right-click a customised role under Role on the tree of the Role Management
pane, and click Modify Role from the shortcut menu.
l Click a role node under Role in the Role Management pane, and then click
Modify on the right pane.
3. Under Basic Information in the right pane, select the Lock the Role check box.
4. Click OK.
– End of Steps –
Result
If a user has been assigned with the locked role and the user has logged in to the system,
the user will be prompted to re-log in. After the user logs in to the system again, the
operation set changes correspondingly to No Right.
4-8
Steps
1. On the menu bar of the client window, click Security > Role Management to open the
Role Management view.
5-1
2. In the Role Management pane, right-click Role Set or any node under Role Set, and
then click Create Role Set.
3. Set parameters of the new role set in the right pane, as shown in Figure 5-1.
5-2
Available roles
This box lists the roles already
Assigned Roles in the Available -
assigned to the role set.
Roles box
4. Click OK.
– End of Steps –
Result
The newly-created role set appears under Role Set on the Role Management navigation
tree.
Steps
1. On the menu bar of the client window, click Security > Role Management to open the
Role Management view.
2. On the Role Management navigation tree, right-click the role set to be modified under
Role Set, and then click Modify Role Set.
3. Do one of the following to display modifiable parameters of the role set in the right
pane.
5-3
l Right-click the role set node under Role Set in the Role Management pane, and
click Modify Role Set on the shortcut menu.
l Click the role set node under Role Set in the Role Management pane, and click
Modify in the right pane.
Note:
For description of the role set parameters, refer to the section “Creating a Role Set”.
4. Under Basic Information, modify the role set description and change the locking
status of the role set as needed.
5. Under Role Set Assignment, add new roles to the Assigned Roles list box or remove
existing roles from it.
6. Click OK to finish.
– End of Steps –
Result
If a user assigned with the role set to be modified has already logged in to the system,
the system will force the user to log out after the operation permission of the role set is
successfully modified. The operation permission of this user changes accordingly upon
next login.
Steps
1. On the menu bar of the client window, click Security > Role Management to open the
Role Management view.
2. Under Role Set in the Role Management pane, right-click the role set to be duplicated,
and then click Duplicate Role Set.
5-4
Note:
For description of the role set parameters, refer to the section “Creating a Role Set”.
4. Click OK.
– End of Steps –
Result
A new role set appears under Role Set in the Role Management pane. If you has not
modified the other properties while duplicating the existing role set, the newly-created role
set with a different name has the same locking status, description and role members as
those of the duplicated one.
Steps
1. On the menu bar of the client window, click Security > Role Management to open the
Role Management view.
2. Under Role Set in the Role Management pane, right-click the role set to be deleted,
and then click Delete Role Set.
3. In the pop-up Confirm dialogue box, click Yes to delete the role set.
– End of Steps –
Result
The deleted role set disappears from the Role Management pane.
Note:
l If the deleted role set has been assigned to a user and this user has only been
assigned with this role set, the user is also deleted.
l If the deleted role set has been assigned to a user and this user has been assigned
with other role sets besides this role set, the operation permission of this user changes
accordingly after the deletion of this role set. And if the user has logged in to the
system, it will be forced to log out after deletion of this role set.
5-5
Steps
1. On the main menu, select Security > Role Management to open the Role
Management view.
2. Right-click a role set on the navigation tree, and click View Assigned Users,
3. The Assigned Users dialogue box pops up, listing all the users assigned with the role
set selected in step 2.
4. Click OK to finish.
– End of Steps –
Prerequisites
The role set to be locked is available and unlocked.
Steps
1. On the menu bar of the client window, click Security > Role Management to open the
Role Management view.
2. On the Role Management pane, right-click the role set to be locked under Role Set,
and then click Modify Role Set.
3. Under Basic Information in the right pane, select the Lock the Role Set check box.
4. Click OK.
5-6
Note:
If a user is assigned with the role set and the user has logged in to the system, the
user will be prompted to re-log in. After the user logs in to the system again, the user
will be assigned with the No Right operation set.
– End of Steps –
5-7
5-8
Steps
1. On the menu bar of the client window, click Security > User Management to open
the User Management view.
2. On the tree in the User Management pane, right-click Root Department, and click
Create Sub-department to activate the Basic Information tab in the right pane, as
shown in Figure 6-1.
6-1
“New Depart-
The department name. This
Department Name 1–50 character(s) ment”+Number (A
parameter is mandatory.
sequence number)
6-2
Result
The newly-created department appears on the User Management navigation tree.
Note:
You can also modify the name of the default root department provided by the system
according to the actual situation.
Steps
1. On the menu bar of the client window, click Security > User Management to open
the User Management view.
2. Do one of the following to activate the Basic Information tab in the right pane:
l On the tree in the User Management pane, right-click the department to be
modified, and then click Modify from the shortcut menu.
l On the bottom of the Basic Information tab, click the Modify button.
3. On the Basic Information tab, modify the description of the department, and/or
change its superior department as needed.
4. Click OK to save the modification.
– End of Steps –
6-3
Steps
1. On the menu bar of the client window, click Security > User Management to open
the User Management view.
2. On the tree in the User Management pane, right-click the department to be deleted,
and then click Delete on the shortcut menu.
3. In the pop-up Confirm dialogue box, click Yes to delete the department.
– End of Steps –
Result
The deleted department disappears from the User Management pane.
6-4
7-1
Steps
1. On the menu bar of the client window, click Security > User Management to open
the User Management window.
2. In the left User Management pane, right-click a department node on the Root
Department tree, and then click Create User to activate the tabs in the right pane,
as shown in Figure 7-1.
3. On the Basic Information tab, set the basic information by referring to parameters
explained in Table 7-1
Full Name Detailed information related to the new user. 1 to 100 character(s)
7-2
User Can not Change To forbid the user to change the password,
-
Password select this check box.
Set User Maximum Select this check box to set the maximum
1 to 500
Password Age (days) password validity duration.
Set User Minimum Select this check box to set the minimum
1 to 499
Password Age (days) password validity duration.
Set Account Stop Set the duration in which the account is 1 to 500 (default value:
(days) disabled. 90)
7-3
Note:
The User Status area on the lower part of the Basic Information tab shows the
information of the user after successful creation of the user, including the creator,
creation time, and password activation time of the user.
4. Click the Right tab, and then select one or more role(s) and/or role set(s) that you
want to assign to the user.
Note:
Click , to open the Role Management view for
creating new roles or role sets.
5. Click the Log View Range tab, and set the log viewing rights bye selecting one or
more roles from the Role Tree.
Note:
A user assigned with the administrator role can view the all logs. Other users can only
see the logs of itself and of the users with roles specified in this step.
6. Click the User Department tab, and then select the department that the user belongs
to.
Note:
A user can only belong to one department. The default department of a new user is
the Root Department.
7. Click the Advanced Information tab to set the advanced information of the new user
by referring to Table 7-2. The tab is shown in Figure 7-2.
7-4
On the Advanced Information tab, you can add more user information, and restrict
the work time duration and allowed IP range.
l Password(Default)
Login Type Login type of the user.
l USBKey
7-5
GUI MAC Bind Setting Click Add to set the allowed MAC address. Valid MAC address
Note:
If the value of Concurrent Logins is set to a number larger than 1, multiple users
can use the same account. In this case, it is difficult to decide which user performs a
certain operation. Therefore, it is recommend to set this parameter to 1.
8. Click the Operator Information tab, and set the information of the telecommunications
operator (the operation can be performed when the RAN network sharing function is
enabled).
Condition Operation
9. Click OK to finish
– End of Steps –
Result
The newly-created user appears on the tree in the User Management pane.
7-6
Note:
You can also modify the default system administrator (admin) provided by the system as
an administrator. However, some of the admin user’s properties can not be modified. For
example, it is not allowed to change the user working time or disable the admin account.
Steps
1. On the menu bar of the client window, click Security > User Management to open
the User Management view.
2. Do one of the following to activate the tabs in the right pane, as shown in Figure 7-3.
l In the User Management pane, right-click the user to be modified and then click
Modify on the shortcut menu.
l In the User Management pane, click the user to be modified, and then click
Modify in the right pane.
7-7
Note:
For the description of parameters on these tabs, refer to the previous section “Creating
a User”.
3. On the Basic Information tab, modify the basic parameters of the user except the
user name.
4. If you want to reassign role(s) or role set(s) to the user, click the Right tab and then
modify the selection of role(s) or role set(s) as needed.
5. If you want to change the log viewing rights of the user, click the Log View Range tab,
and select necessary role(s) whose logs the user can view.
6. If you want to change the department of the user, click the User Department tab and
then select the department you want.
7. If you want to modify the advanced information of the user, including detailed
information, phone number, Email address, and IP range, click the Advanced
Information to modify parameters as needed.
8. Click OK to save the modifications.
– End of Steps –
Result
The attributes of the user changes accordingly after modification.
Note:
If the operation permissions of a login user are modified, the system will force the user to
log out. After another login, the user permissions will be updated.
If the password of a login user is modified, the system will force the user to log out. After
another login, the user permissions will be updated.
7-8
Note:
The system does not support the duplication of the default system administrator (admin).
Steps
1. On the menu bar of the client window, click Security > User Management to open
the User Management view.
2. In the User Management pane, right-click the user to be duplicated, and then click
Duplicate to activate the tabs in the right pane, as shown in Figure 7-4.
3. On the Basic Information tab, enter a new user name in the User Name text box.
Note:
The name of a user must be unique in the system.
7-9
4. If you want to create a new user with the same properties as the duplicated user,
proceed to the next step.
If you want to modify some attributes to create a user with different properties, modify
parameters on the corresponding tabs.
5. Click OK.
– End of Steps –
Result
A new user appears on the tree in the User Management pane.
Steps
1. On the menu bar of the client window, click Security > User Management to open
the User Management view.
2. On the User Management pane, right-click the user to be deleted, and then click
Delete.
3. In the pop-up Confirm dialogue box, click Yes to delete the user.
– End of Steps –
Result
The user disappears from the User Management pane. If the user has logged in to the
system, it will be forced to log out. The deleted user cannot be used any longer.
7-10
Note:
For the description of the user account rule, refer to the section “Customising User Account
Rule” in Chapter 2 in this operation guide.
Steps
1. On the menu bar of the client window, click Security > User Lock Details.
2. View the user lockup records in the pop-up User Lock Details dialogue box, which
lists the user name, IP address, and the locking time.
Tip:
To get the latest information of locked user accounts, you can click Refresh.
8-1
Steps
1. On the menu bar of the client window, click Security > Modify All Common Users'
Password to open the Modify All Common Users' Password dialogue box.
2. Type the same password in the New Password and Confirm Password boxes.
3. Click OK.
– End of Steps –
Result
The passwords of all common users are set as the same one.
Steps
1. On the menu bar of the client window, click Security > Login User Management to
open the Login User Management dialogue box, as shown in Figure 8-1.
8-2
2. Click a user in the Login User Management dialogue box, and choose one or more
of the following operations to manage login users if necessary.
l Click Send Message to send a message to another client that connects to the
same NetNumen U31 server (same IP address) that the current client connects
to.
l Click Force to Log out to force the user to log out.
l Click Refresh to get the latest information of login users.
3. Click Close to finish.
– End of Steps –
Steps
1. On the main menu, click Security > User Blacklist to open the User Blacklist
dialogue box, in which the All Users pane and the Users in blacklist pane list all
non-blacklist and blacklist users respectively.
2. Set the blacklist users in the User Blacklist dialogue box by referring to Table 8-1.
Table 8-1 Button Description
Button Function
8-3
Note:
To select more than one users, you can press and hold CTRL or SHIFT on the keyboard
in selecting users.
Note:
– End of Steps –
Steps
1. On the main menu, click Security > View NE Login User to open the View NE Login
User dialogue box.
Result
The information of the NE login users is displayed.
8-4
Note:
After the initial installation, the password of the system administrator (admin) is null. It
is strongly recommended that you modify the password of user admin after the initial
installation.
Steps
1. In the main menu, select System > User Password Setting from the main menu. The
User Password Setting dialog box appears.
2. Set the new password, and click OK.
Error messages
l New password cannot be the same as the old one.
l Password is too short.
l Password does not match the following rule: password must include at least three
of the following four types: numbers, lowercase letters, uppercase letters, other
characters.
l Password does not match the following rule: password cannot be the same as
user name; Can not be the same as double repeat of username; Can not be the
reverse of user name.
– End of Steps –
8-5
Tip:
If the user account does not exist or the password is incorrect, SSH failed is prompted.
After a successful login, the number of login failures of the current user, and the last
successful login date and time are displayed on the status bar of the NetNumen U31
client.
Error messages
l SSH failed
l User does not exist. It may be deleted.
l User password is incorrect.
l Client’s IP address is invalid.
l Client’s MAC address is invalid.
l Not in work time.
l The user’s password is expired.
l The user account is expired.
l The user is locked.
l The user is automatically disabled because of no login for <n> days.
l Maximum number of connections for the user is already reached.
l The max. client num of the system supported is reached, can not login!
l The user was set in the blacklist by admin, is forbidden to login.
– End of Steps –
8-6
I
Figures
III
Tables