
NetNumen™ U31 R18

Unified Element Management System


Security Management Operation Guide

Version: 12.10.040

ZTE CORPORATION
NO. 55, Hi-tech Road South, ShenZhen, P.R.China
Postcode: 518057
Tel: +86-755-26771900
Fax: +86-755-26770801
URL: http://ensupport.zte.com.cn
E-mail: support@zte.com.cn
LEGAL INFORMATION
Copyright © 2011 ZTE CORPORATION.
The contents of this document are protected by copyright laws and international treaties. Any reproduction or
distribution of this document or any portion of this document, in any form by any means, without the prior written
consent of ZTE CORPORATION is prohibited. Additionally, the contents of this document are protected by
contractual confidentiality obligations.
All company, brand and product names are trade or service marks, or registered trade or service marks, of ZTE
CORPORATION or of their respective owners.
This document is provided “as is”, and all express, implied, or statutory warranties, representations or conditions
are disclaimed, including without limitation any implied warranty of merchantability, fitness for a particular purpose,
title or non-infringement. ZTE CORPORATION and its licensors shall not be liable for damages resulting from the
use of or reliance on the information contained herein.
ZTE CORPORATION or its licensors may have current or pending intellectual property rights or applications
covering the subject matter of this document. Except as expressly provided in any written license between ZTE
CORPORATION and its licensee, the user of this document shall not acquire any license to the subject matter
herein.
ZTE CORPORATION reserves the right to upgrade or make technical change to this product without further notice.
Users may visit ZTE technical support website http://ensupport.zte.com.cn to inquire related information.
The ultimate right to interpret this product resides in ZTE CORPORATION.

Revision History

| Revision No. | Revision Date | Revision Reason |
|---|---|---|
| R1.0 | 2011-09-23 | First Edition |

Serial Number: SJ-20110823134613-005

Publishing Date: 2011-09-23(R1.0)


Contents

About This Manual

Chapter 1 Overview
  1.1 Introduction to Security Management Functions
  1.2 Basic Concepts of Security Management
  1.3 Relation Model
  1.4 Security Management Solution
  1.5 Authentication and Access Control
  1.6 Authentication Modes
  1.7 Auditing
  1.8 Centralized Security Management
  1.9 Implicit Prerequisites

Chapter 2 Security Policy Management
  2.1 Introduction to Security Policy Management
  2.2 Customising the User Account Rule

Chapter 3 Operation Set Management
  3.1 Introduction to Operation Set Management
  3.2 Creating an Operation Set
  3.3 Viewing the Information of an Operation Set
  3.4 Modifying a Customised Operation Set
  3.5 Duplicating an Operation Set
  3.6 Deleting a Customised Operation Set
  3.7 Viewing All Permitted Operations
  3.8 Exporting All Customised Operation Sets
  3.9 Importing an Operation Set

Chapter 4 Role Management
  4.1 Introduction to Role Management
  4.2 Creating a Role
  4.3 Modifying a Customised Role
  4.4 Duplicating a Role
  4.5 Deleting a Customized Role
  4.6 Viewing the Users Assigned with a Selected Role
  4.7 Locking a Customised Role

Chapter 5 Role Set Management
  5.1 Introduction to Role Set Management
  5.2 Creating a Role Set
  5.3 Modifying a Customised Role Set
  5.4 Duplicating a Role Set
  5.5 Deleting a Role Set
  5.6 Viewing the Users Assigned with a Selected Role Set
  5.7 Locking a Role Set

Chapter 6 Department Management
  6.1 Introduction to Department Management
  6.2 Creating a Department
  6.3 Modifying a Department
  6.4 Deleting a Department

Chapter 7 User Management
  7.1 Introduction to User Management
  7.2 Creating a User
  7.3 Modifying a User
  7.4 Duplicating a User
  7.5 Deleting a User

Chapter 8 Other Functions
  8.1 Viewing User Lockup Records
  8.2 Modifying the Passwords of All Common Users
  8.3 Managing Current Login Users
  8.4 Set User Blacklist
  8.5 Viewing the Network Element Login Users
  8.6 Modifying the User Login Password
  8.7 User Login

Figures
Tables
Glossary

About This Manual
The NetNumen™ U31 R18 Unified Element Management System (NetNumen U31 or
EMS) is a special network element management system that manages network elements
in radio access systems. By using NetNumen U31, users can configure and maintain
individual network elements, and manage radio access networks in a unified manner.
NetNumen U31 provides the following management functions:
- Configuration management
- Fault management
- Performance management
- Topology management
- Security management
As an object-oriented system designed on the Java 2 Platform, Enterprise Edition (J2EE),
NetNumen U31 provides unified standard interfaces to external devices.

Purpose
This guide describes the security management operations in the NetNumen U31 system.

Intended Audience
- Maintenance engineers
- Debugging engineers

What Is in This Manual

| Chapter | Summary |
|---|---|
| Chapter 1, Overview | Introduces concept of security management, related terms, relation model, management example, and implicit prerequisites. |
| Chapter 2, Security Policy Management | Describes customisation of user account rules and rules of security events. |
| Chapter 3, Operation Set Management | Describes steps of viewing, modifying, exporting operation sets. |
| Chapter 4, Role Management | Describes operations of adding, modifying, copying and deleting roles. |
| Chapter 5, Role Set Management | Describes operations of adding, modifying, copying and deleting role sets. |
| Chapter 6, Department Management | Describes operations of adding, modifying, and deleting departments. |
| Chapter 7, User Management | Describes management of user accounts, such as adding, modifying, copying, deleting accounts. |
| Chapter 8, Other Functions | Describes other management functions. |

Chapter 1
Overview
Table of Contents
Introduction to Security Management Functions
Basic Concepts of Security Management
Relation Model
Security Management Solution
Authentication and Access Control
Authentication Modes
Auditing
Centralized Security Management
Implicit Prerequisites

1.1 Introduction to Security Management Functions


The security management functions provided by NetNumen U31 are used to ensure proper
and reliable running of the network element management system (EMS). By using the
security management functions, the system administrator can create security policies,
maintain user accounts and manage roles, role sets and departments. In addition, the
administrator can assign different authorities to individual users for them to access and
manage limited network resources.
The security management functions can be classified into two parts:
- Security policy customisation: Security policies are applicable to all users of the
  system.
- Integrated management of roles, role sets, operation sets, departments and users:
  The integrated management functions can control the authorities of individual users.
Among all functions, security policy and the management of users, roles and departments
are the most important in security management.

1.2 Basic Concepts of Security Management


Security management concerns several basic concepts, including role, role set, operation
set, department, and user, which are explained as follows:

- Role
  A role specifies the management permission for a user group, including the operation
  permission and managed resources.


SJ-20110823134613-005|2011-09-23(R1.0) ZTE Proprietary and Confidential



  - The operation permission allows the user group to use specific functional
    modules of the EMS. For example, if a role has the operation permission of
    the log management module, the users assigned the role can perform log
    management operations, such as querying logs and maintaining logs.
  - The managed resources refer to the subnetworks and/or the network elements
    that can be managed by the role.
  In application, the operation permission and managed resources combine to decide
  the actual authorities of a role. For example, if a role is assigned a base station as
  one managed resource, and topology management as the operation permission, the
  actual permission of the role is to perform topology management on the base station.
- Role Set
  A role set is a collection of roles. The permissions of a role set include those of all
  roles in the role set.
- Operation Set
  An operation set is a collection of operations. If an operation set is assigned to a
  role, this role has the permission of all operations specified in the operation set on the
  resource.
- Department
  Departments are specified in the EMS to simulate the actual administrative
  departments. In this way, the system administrator can easily manage users in the
  EMS. A newly created user must belong to a department.

  Note:
  By default, a newly created user belongs to the root department of the system unless
  otherwise specified.

- User
  A user is an operator authorised to log in to the system and perform certain
  operations in the system. When creating a user, the system administrator assigns
  the management permission to the user by specifying one or more roles or role sets
  (the actual permission of a user is the combination of the authorities of all roles or
  role sets assigned to the user). The administrator can also allocate the user to a
  department based on actual requirements.

1.3 Relation Model


The relation model in security management is based on the role. The permission of a role
depends on the managed resources and corresponding operation rights assigned to it.
Assigning users with different roles can differentiate user permissions.


In the NetNumen U31 system, the roles include default roles and custom roles.
Default roles include:
- Administrator Role
- Maintenance Role
- Operator Role
- Supervisor Role
Custom roles have user-defined permissions, which depend on the managed resources
and related operation rights. The NetNumen U31 system supports adding, deleting, and
modifying custom roles.
By customizing roles and assigning role(s) to users, you can allocate users different
permissions. The users can perform authorized actions in the system according to their
permissions.

The relations among user, role, role set, department, operation permission, and managed
resources are illustrated in Figure 1-1.

Figure 1-1 Relation Model of Security Management

Following are some supplementary explanations:

- A user must belong to a department. A department can include one or more users.
- A user must be assigned at least one role. A role can be assigned to any number
  of users.
- A user can be assigned one or more role sets. A role set can be assigned to any
  number of users.
- The permissions of the role(s) or role set(s) assigned to the user decide the user’s
  actual permission.
- A role set must include at least one role. A role can be assigned to any number of
  role sets.
- The permissions assigned to the managed resources of a role decide the actual
  operation permission of the role.
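
The following Python example is added here and is not part of the ZTE guide or NetNumen U31 code. It models the relation model above and resolves a user's effective permissions as the union of all assigned roles and role sets. The user and operation set names follow Table 1-1; the operation names, network element IDs and the user ShiftLead are constructed for illustration.

```python
from dataclasses import dataclass

# Operation sets are named collections of operations. The set names follow
# Table 1-1; the operations inside them are constructed for this example.
OPERATION_SETS = {
    "System administrator": frozenset(
        {"view_alarm", "query_log", "modify_config", "delete_ne"}),
    "Monitor": frozenset({"view_alarm", "query_log"}),
}


@dataclass(frozen=True)
class Role:
    """A role pairs each managed resource with the operation set granted on it."""
    name: str
    grants: tuple  # ((resource, operation_set_name), ...)

    def permissions(self):
        return {(res, op)
                for res, opset in self.grants
                for op in OPERATION_SETS[opset]}


@dataclass(frozen=True)
class RoleSet:
    """A role set is a collection of roles and must contain at least one."""
    name: str
    roles: tuple

    def __post_init__(self):
        if not self.roles:
            raise ValueError("a role set must include at least one role")

    def permissions(self):
        return set().union(*(r.permissions() for r in self.roles))


@dataclass(frozen=True)
class User:
    name: str
    roles: tuple
    role_sets: tuple = ()
    department: str = "root"  # default department when none is specified

    def __post_init__(self):
        if not self.roles:
            raise ValueError("a user must be assigned at least one role")


def effective_permissions(user):
    """Union of the permissions of every role and role set assigned to the user."""
    perms = set()
    for holder in (*user.roles, *user.role_sets):
        perms |= holder.permissions()
    return perms


def is_permitted(user, resource, operation):
    return (resource, operation) in effective_permissions(user)


def who_can(users, resource, operation):
    """Access review: names of all users able to run `operation` on `resource`."""
    return sorted(u.name for u in users if is_permitted(u, resource, operation))


def role_for(name, resources, opset):
    return Role(name, tuple((res, opset) for res in resources))


# Constructed network elements: two BTSs under branch office 1, one under office 2.
OFFICE_1 = ("BTS-1-01", "BTS-1-02")
OFFICE_2 = ("BTS-2-01",)

ADMIN_1 = role_for("BTS administrator (office 1)", OFFICE_1, "System administrator")
WATCH_1 = role_for("On-duty personnel (office 1)", OFFICE_1, "Monitor")
WATCH_2 = role_for("On-duty personnel (office 2)", OFFICE_2, "Monitor")

USERS = [
    User("BTSAdmin1", (ADMIN_1,), department="Branch Office 1"),
    User("BTSWatch1", (WATCH_1,), department="Branch Office 1"),
    User("BTSWatch2", (WATCH_2,), department="Branch Office 2"),
    # Hypothetical user (not in Table 1-1) who monitors both offices via a role set.
    User("ShiftLead", (WATCH_1,), (RoleSet("All watchers", (WATCH_1, WATCH_2)),)),
]

if __name__ == "__main__":
    print(who_can(USERS, "BTS-1-01", "modify_config"))
    print(who_can(USERS, "BTS-2-01", "view_alarm"))
```

Running `who_can` per network element and operation gives a quick review of which accounts hold change rights, which is the check to repeat after roles or role sets are modified.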

1.4 Security Management Solution


After fully understanding the relation model of security management, you can work out a
security management solution according to the network scale, administrative division, and
allocated permission.

Suppose a telecom operator in a province plans to use the NetNumen U31 system to
manage all Base Station Controllers (BSCs) and Base Transceiver Stations (BTSs) in the
province. Several branch offices are distributed in the province. Each office only manages
the devices in the area administrated by it. Table 1-1 provides a security management
solution for the telecom operator in a province, which specifies the departments, role sets,
roles, operation sets, users, and their relations.

Table 1-1 Security Management Example

| Department | Role | Operation Set | Role Description | User |
|---|---|---|---|---|
| None | Administrator | System administrator | The system provides a default administrator role, who has the highest administration authority. This user is independent of any department. | admin |
| Provincial Office | BSC administrator | System administrator | The BSC administrator has the authority to manage all BSC devices in the province. | BSCAdmin |
| Provincial Office | On-duty personnel of BSC | Monitor | This role specifies the authority of ordinary operators, who can perform routine monitoring operations on all BSC devices in the province. | BSCWatch |
| Provincial Office | BTS administrator | System administrator | The BTS administrator has the authority to manage all BTS devices in the province. | BTSAdmin |
| Provincial Office | On-duty personnel of BTS | Monitor | This role specifies the authority of ordinary operators, who can perform routine monitoring operations on all BTS devices in the province. | BTSWatch |
| Branch Office 1 | BTS administrator | System administrator | This role specifies the authority of BTS administrator, who can manage all BTS devices in the area administrated by branch office 1. | BTSAdmin1 |
| Branch Office 1 | On-duty personnel | Monitor | This role specifies the authority of ordinary operators, who can perform routine monitoring operations on all BTS devices in the area administrated by branch office 1. | BTSWatch1 |
| Branch Office 2 | BTS administrator | System administrator | This role specifies the authority of BTS administrator, who can manage all BTS devices in the area administrated by branch office 2. | BTSAdmin2 |
| Branch Office 2 | On-duty personnel | Monitor | This role specifies the authority of ordinary operators, who can perform routine monitoring operations on all BTS devices in the area administrated by branch office 2. | BTSWatch2 |
| Branch Office N | BTS administrator | System administrator | This role specifies the authority of BTS administrator, who can manage all BTS devices in the area administrated by branch office N. | BTSAdminN |
| Branch Office N | On-duty personnel | Monitor | This role specifies the authority of ordinary operators, who can perform routine monitoring operations on all BTS devices in the area administrated by branch office N. | BTSWatchN |

1.5 Authentication and Access Control


When a user performs an operation in NetNumen U31, the system calls the authentication
interface to check, against the set of rights authorized for the user, whether the user has
the right to perform the operation. A user without the operation right cannot perform the operation.


The authentication mechanism in the NetNumen U31 system ensures that the user can
perform authorized operations and forbids unauthorized operations. In this way, the
authentication mechanism protects the key system functions and ensures the security of
sensitive data.

1.6 Authentication Modes


Each user has a unique ID. When a user logs in to the system, the system authenticates
the user through the ID. After the system determines that the user ID is valid, the user can
log in to the system and use it with the authorized rights.

NetNumen U31 supports three authentication modes:


1. Password authentication
2. RADIUS authentication
3. Digital certificate authentication

1.7 Auditing
NetNumen U31 supports log management. The logs include system logs, security logs,
and operation logs.
Operation logs record the operations and events generated by the user interface.
Security logs record security events, such as a user accessing the system.
System logs record events generated by the system, such as timed tasks and data
processing.
Log management includes tracing all operations performed by each user. It
provides a convenient and friendly user interface for log query. Custom
queries of log data (fuzzy match or exact match) can be performed according to user name,
event and operation information.

1.8 Centralized Security Management


Centralized security management is an optional security management policy provided by
NetNumen U31. The policy performs integrated user and authorization management in
the Network Element Management System (EMS). In this way, the user information can
be better managed.
The security data, such as user information and authentication, is transmitted via the EMB
interface between the EMS and OMM. The EMB interface uses the SSH protocol to ensure
the integrity and secrecy of data.

Figure 1-2 illustrates the process of centralized security management.


Figure 1-2 Centralized Security Management

The EMS in the figure refers to NetNumen U31.

1.9 Implicit Prerequisites


For all security management operations, the following prerequisites may be presumed to
have been met.

- Log in to the NetNumen U31 GUI client as an administrator.
- The connection between the NetNumen U31 client and the server is normal.

Note:
For the client/server architecture, refer to NetNumen U31 Mobile Network Element
Management System System Description.



Chapter 2
Security Policy Management
Table of Contents
Introduction to Security Policy Management
Customising the User Account Rule

2.1 Introduction to Security Policy Management


By using the security policy management function, you can customise the user account
rule. The user account rule specifies the attributes related to account security, such as
password length requirement and weak password check.

2.2 Customising the User Account Rule


Abstract
After installation, the NetNumen U31 system has no user account rules. It is recommended
to set the account rules as follows:
- A user account is locked after a wrong password has been entered at least three
  times.
- A locked user account is unlocked at least 24 hours after the locking.
- The weak password check should be enabled.
- The account valid period can be within 6 months. Refer to “Creating a User”.
- A new password cannot repeat any of the last five passwords used.
- The GUI is automatically locked if no operations are performed on the client for over
  30 minutes.

Steps
1. On the menu bar of the client window, click Security > Customise User Account Rule
to open the Customise User Account Rule dialogue box, as shown in Figure 2-1.


Figure 2-1 Customising User Account Rule

2. Set the parameters of the user account rule according to the actual requirements,
based on the descriptions in Table 2-1.

Table 2-1 Parameters for Customising User Account Rule

| Policy/Rule Type | Parameter | Description | Suggested Value |
|---|---|---|---|
| Password Policy | Enable Weak Password Check | Select to check weak password automatically. | Selected |
| Password Policy | Minimum Length | Minimum password length (value range: 0–20). | 6 |
| Password Policy | Maximum Length | Maximum password length (value range: 0–20). | 20 |
| Password Policy | Can not be last used password within | Select to check if the password has been used within specified past days (value range: 1–100). | 100 |
| Password Policy | Can not be last used | Select to check if the password repeats any of the ones used in previous specified time(s) (value range: 1–100). | 5 |
| Password Policy | Notify password expiry in an advance of | Select and the system will notify password expiry specified days in advance. | 5 |
| Password Policy | Password modification in a day cannot exceed | Select and the user cannot modify the password over the specified times. | 3 |
| Password Policy | User must modify expired password when login | Select and the user must modify overdue password before logging into the system. If the check box is not selected, the user can login without modifying overdue password. | Selected |
| Password Policy | The invalid password must be modified when login | Select and the user must modify the password upon login when the password is invalid. | Selected |
| Password Policy | Passwords should be different if users have the same full name | Select and the users with the same full name must be set with different passwords. | Not selected |
| Password Policy | Emails will be sent to users whose passwords are modified | Select and the users will receive an Email if their passwords have been modified. | Not selected |
| Account Lock Rule | Never Lock | Select this option, and users will not be locked in case of multiple failures for login. | Lock Temporarily |
| Account Lock Rule | Lock Permanently | Select this option, and users will be locked when specified login attempts fail. | |
| Account Lock Rule | Lock Temporarily | Select this option, and the locked user will be unlocked after specified time (Unit: hour). | |
| Account Lock Rule | Lock at password error | Lock the account at specified times of entering wrong password (value range: 2–20). | 3 |
| Account Lock Rule | Unlock after | Unlock after specified hours (value range: 1–72). | 24 |
| Account Lock Rule | Lock account with IP | Specifies whether to lock the account by its IP address, that is, the client with the address cannot log in to the EMS server. | Selected |
| Account Lock Rule | Do not lock the user admin | Select the check box, and Admin account is not locked. It is not suggested to lock the Admin account, because the account has advanced authorities. | Selected |
| Account Checking Policy | Can not be user accounts deleted in the last | Select the check box and the user account must not repeat any account deleted in specified past days (value range: 1–100). | 5 |
| Account Checking Policy | Notify account expiry in an advance of | Select the check box and the system will notify account expiry specified days in advance (value range: 1–90). | 5 |

Note:
A locked (permanently or temporarily) user can only be unlocked by the administrator
user (Admin). For a temporarily locked user, the account can be unlocked after the
specified duration.

3. Click OK to confirm the setting of the user account rule.


You can also click Default to restore default user account policies.

– End of Steps –
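
The following Python model is added here; it is not ZTE code and does not describe how NetNumen U31 is implemented internally. It shows how the suggested password and account lock values from Table 2-1 interact across a sequence of password changes and login attempts. All class, field and function names are hypothetical, and it assumes that a successful login resets the failure counter and that attempts made during a lock do not extend it; the weak password check and "Lock account with IP" are not modelled.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional


@dataclass(frozen=True)
class AccountRule:
    """Suggested values from Table 2-1. Field names are hypothetical."""
    min_length: int = 6                     # Minimum Length
    max_length: int = 20                    # Maximum Length
    history_count: int = 5                  # cannot repeat the last five passwords
    lock_at_errors: int = 3                 # Lock at password error
    unlock_after_hours: Optional[int] = 24  # Unlock after; None = Lock Permanently
    exempt_admin: bool = True               # Do not lock the user admin


def pw_digest(password, salt):
    # Salted PBKDF2 so the history never holds plaintext. This is the example's
    # own choice; the guide does not say how the EMS stores passwords. The
    # iteration count is kept low so the example runs quickly.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:
    name: str
    history: list = field(default_factory=list)  # [(salt, digest)], newest last
    failures: int = 0
    locked_at: Optional[datetime] = None

    def matches_current(self, password):
        if not self.history:
            return False
        salt, digest = self.history[-1]
        return hmac.compare_digest(pw_digest(password, salt), digest)


def set_password(acct, new_password, rule):
    """Apply the password policy and return (accepted, reason)."""
    if not rule.min_length <= len(new_password) <= rule.max_length:
        return False, "length"
    recent = acct.history[-rule.history_count:] if rule.history_count else []
    if any(hmac.compare_digest(pw_digest(new_password, s), d) for s, d in recent):
        return False, "reused"
    salt = os.urandom(16)
    acct.history.append((salt, pw_digest(new_password, salt)))
    return True, "ok"


def admin_unlock(acct):
    """Manual unlock by the administrator; also used when a temporary lock expires."""
    acct.locked_at, acct.failures = None, 0


def is_locked(acct, rule, now):
    if acct.locked_at is None:
        return False
    if (rule.unlock_after_hours is not None
            and now - acct.locked_at >= timedelta(hours=rule.unlock_after_hours)):
        admin_unlock(acct)  # the temporary lock has run out
        return False
    return True


def login(acct, password, rule, now):
    """Return 'ok', 'denied' or 'locked' for one login attempt at time `now`."""
    if is_locked(acct, rule, now):
        return "locked"    # assumption: attempts during a lock do not extend it
    if acct.matches_current(password):
        acct.failures = 0  # assumption: a successful login resets the counter
        return "ok"
    acct.failures += 1
    exempt = rule.exempt_admin and acct.name == "admin"
    if acct.failures >= rule.lock_at_errors and not exempt:
        acct.locked_at = now
        return "locked"
    return "denied"


if __name__ == "__main__":
    rule, start = AccountRule(), datetime(2011, 9, 23, 9, 0)
    user = Account("BTSWatch1")                # user name from Table 1-1
    set_password(user, "Sample-pw-1", rule)    # constructed password
    print([login(user, "wrong", rule, start) for _ in range(3)])
    print(login(user, "Sample-pw-1", rule, start + timedelta(hours=24)))
```

With "Do not lock the user admin" selected, the admin account is never locked out by repeated failures, so unlimited guesses against it are possible unless another control (such as "Lock account with IP") limits them.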



Chapter 3
Operation Set Management
Table of Contents
Introduction to Operation Set Management
Creating an Operation Set
Viewing the Information of an Operation Set
Modifying a Customised Operation Set
Duplicating an Operation Set
Deleting a Customised Operation Set
Viewing All Permitted Operations
Exporting All Customised Operation Sets
Importing an Operation Set

3.1 Introduction to Operation Set Management


An operation set is a collection of operation permissions. By assigning required operation
sets to different management resources of a role, you can define the operations the role
can perform on each resource.
NetNumen U31 supports the following operation set management functions:
- Create an Operation Set: set the name, description and permitted operations to create
  an operation set.
- View an Operation Set: view the information of an operation set, including its name,
  description, and operation assignment.
- Modify an Operation Set: modify the description and operation assignment of an
  operation set created by the user.
- Duplicate an Operation Set: create a similar new operation set by duplicating an
  existing operation set.
- Delete an Operation Set: delete a useless operation set created by the user.
- View All Permitted Operations: view all permitted operations of an operation set.
- Export an Operation Set: export the information of all operation sets and save it as
  an XLS file.
- Import an Operation Set: import an operation set from an XLS file.


Note:
The following five default operation sets cannot be modified or deleted.
- Administrator Right
- System Maintenance Right
- Operation Right
- View Right
- No Right
- Operator View Right
The Operator View Right is only available when the Radio Access Network (RAN) network
sharing function is enabled.

3.2 Creating an Operation Set


Context
When the default operation sets do not meet the actual requirements, you can create a
new operation set with customised operation permissions.

Steps
1. On the menu bar of the client window, click Security > Role Management to open the
Role Management view.
2. On the Role Management pane, click any node under Role to display the information
of the selected role in the right pane.

3. Under Access Rights in the right pane, click the drop-down button, and select
Create Operation Set from the drop-down menu, or right-click any operation set from
the operation set list, and click Create an Operation Set on the shortcut menu to open
the Create an Operation Set dialogue box. The operation set list is shown in Figure 3-1.

Figure 3-1 Operation Set List

4. Under General Information, type the name and description of the new operation set
in the Operation Set Name and Operation Set Description boxes.
5. On the Operation Tree, select the operations you want to add to the operation set.

Note:
The name of the new operation set cannot be the same as any existing one.

6. Click OK.
– End of Steps –

Result
The created operation set appears in the operation set list under Access Rights.

3.3 Viewing the Information of an Operation Set


Context
After an operation set is created, you can view the operation permissions specified in an
operation set as follows:

Steps
1. On the menu bar of the client window, click Security > Role Management to open the
Role Management view.

2. In the Role Management pane, click any node under Role to display the information
of the selected role in the right pane.
3. Under Access Rights in the right pane, right-click the operation set to be viewed in
the operation set list, and then click Browse Operation Set on the shortcut menu.
4. View the information of the operation set in the pop-up Browse Operation Set
dialogue box, such as its name, description, and assigned operations.
5. Click OK to finish.
– End of Steps –

3.4 Modifying a Customised Operation Set


Context
The operation sets created by the user can be modified later on, while the system default
ones cannot be modified. To modify a customised operation set, do the following:

Steps
1. On the menu bar of the client window, click Security > Role Management to open the
Role Management view.
2. In the Role Management pane, click any node under Role to display the information
of the selected role on the right pane.
3. Under Access Rights in the right pane, right-click the operation set to be modified in
the operation set list, and then click Modify Operation Set.

4. In the pop-up Modify Operation Set dialogue box, modify parameters as needed.

a. Under General Information, modify the description of the operation set.

b. On the Operation Tree, select the operations you want to add to the operation set
and/or clear the operations you want to remove from the operation set.
5. Click OK to save the modification and close the Modify Operation Set dialogue box.
– End of Steps –

Result
After successful modification of the operation set, all roles assigned with this operation set
change accordingly. If a logged-in user has been assigned with such a role, the system will
force the user to log out.

3.5 Duplicating an Operation Set


Context
By duplicating an existing operation set, you can quickly create a new operation set similar
to the existing one by modifying some information on the basis of the existing operation
set.

To create a new operation set by duplicating an existing operation set, do the following:

Steps
1. On the menu bar of the client window, click Security > Role Management to open the
Role Management view.

2. In the Role Management pane, click any node under Role. The information of the
selected role appears in the right pane.
3. In the Access Rights area in the right pane, right-click the operation set to be
duplicated in the Operation Set list, and then click Duplicate Operation Set.
4. In the pop-up Duplicate Operation Set dialogue box, type the name and description
of the duplicated operation set, and modify the selection of operations as needed.

Note:
You can leave the description and operation selection unchanged if necessary.

5. Click OK.
– End of Steps –

Result
A new operation set appears in the operation set list. If you have not modified the description
and permitted operations while duplicating the existing operation set, the newly-created
operation set with a different name has the same description and permitted operations as
those of the duplicated one.

3.6 Deleting a Customised Operation Set


Context
This section describes how to delete a customised operation set. Note that the default
operation sets cannot be deleted.

Steps
1. On the menu bar of the client window, click Security > Role Management to open the
Role Management view.
2. In the Role Management pane, click any node under Role to display the information
of the selected role in the right pane.
3. Under Access Rights in the right pane, right-click the operation set to be deleted in
the operation set list, and then click Delete Operation Set.
4. In the pop-up Confirm dialogue box, click Yes to delete the selected operation set.
– End of Steps –

Result
The deleted operation set disappears from the operation set list. If a role has been
assigned with this operation set, “No Right” is assigned to the role by default after the
deletion of the original operation set. The logged-in users assigned with this role are
forced to log out and must log in again.

3.7 Viewing All Permitted Operations


Context
This function allows you to view the description of all operation permissions. Select the
node by its name, and the details of the operation permission are listed.

Steps
1. On the menu bar of the client window, click Security > Role Management to open the
Role Management view.
2. On the tree of the Role Management pane, click any node under Role to display the
information of the selected role on the right pane.
3. Under Access Rights in the right pane, click the drop-down button and click
View All Operations from the drop-down menu, or right-click any operation set in the
operation set list, and then click View All Operations to open the View All Operations
dialogue box.
4. Expand the Operation Tree and click the operation you want to view on the tree. The
description of the selected operation is displayed on the right pane, as shown in Figure
3-2.

Figure 3-2 Viewing Permitted Operations

5. Click Close to finish.

– End of Steps –

3.8 Exporting All Customised Operation Sets


Context
The information of all customised operation sets can be exported to an XLS file. The
exported operation sets can be imported to another client later on. Only XLS file format is
supported.

Steps
1. On the menu bar of the client window, click Security > Role Management to open the
Role Management view.
2. On the tree of the Role Management pane, click any node under Role to display the
information of the selected role in the right pane.

3. Under Access Rights in the right pane, click the drop-down button, and select
Export All Customized Operation Sets from the drop-down menu, or right-click any
operation set in the operation set list, and then click Export All Customized
Operation Sets to open the Save dialogue box.

4. Set the file name and path in the pop-up Save dialogue box, and click Save.

5. Click OK in the pop-up Confirm dialogue box.


– End of Steps –

Result
The XLS file containing the information of all operation sets appears under the selected
directory.

3.9 Importing an Operation Set


Prerequisites
The XLS file for importing operation sets is available.

Context
You can edit the information of one or more customised operation set(s) saved in an XLS
file exported earlier from another client, and then import the file into the current client to
add one or more operation sets.

Caution!

Be sure that the content format of the file to be imported is the same as that of the
exported XLS file generated by the function “Export all customised operation sets”.
Refer to the section “Exporting All Customised Operation Sets”. The operation set
name in the file must be different from any existing operation set in the system.

To add a new operation set by importing an XLS file, do the following:

Steps
1. On the menu bar of the client window, click Security > Role Management to open the
Role Management view.

2. In the Role Management pane, click any node under Role to display the information
of the selected role in the right pane.
3. Under Access Rights in the right pane, click the drop-down button, and select
Import Operation Set from the drop-down menu, or right-click any operation set in the
operation set list, and then click Import Operation Set to open the Open dialogue box.
4. Select the file to be imported in the list box and click Open.

5. Click OK when prompted with the message of successful import.


– End of Steps –

Result
The imported operation set appears in the operation set list.

Chapter 4
Role Management
Table of Contents
Introduction to Role Management
Creating a Role
Modifying a Customised Role
Duplicating a Role
Deleting a Customized Role
Viewing the Users Assigned with a Selected Role
Locking a Customised Role

4.1 Introduction to Role Management


By using the role management functions, you can specify the operation permission and
manageable resources for a role, and determine whether to lock a role.
Users assigned with a locked role are no longer permitted to perform the operations
assigned to the role.

The role management is the basis of role set management and user management. Roles
are members of a role set. A user must be assigned with a role or a role set for performing
related operations in the system. A user without a role or role set can log in to the system,
but has no operation permissions.
NetNumen U31 supports the following role management functions:
• Creating a Role: set the name, description, locking status, operation permission and
operation set to create a new role.
• Modifying a Role: modify the description, locking status, operation permission and
operation set of an existing role.
• Duplicating a Role: duplicate an existing role and create a new role based on the
information of the duplicated role.
• Deleting a Role: delete a useless role.
• Locking a Role: lock a role to disable the operation permission assigned to the role.

Note:

AdministratorRole, MaintenanceRole, OperatorRole, and SupervisorRole are default
roles, and cannot be modified or deleted. Of the default roles, the AdministratorRole
cannot be duplicated.

4.2 Creating a Role


Context
If the security management plan includes any role not provided by default, you need to
create the role. You can assign different permissions to the resources managed by
the role. The color of each node on the resource tree indicates the specific permissions
the role has for the node.
If you create a role with the right to create users, be aware that a user who can create
other users is able to assign any possible role (except administrator) to the created users,
even though the user (who can create other users) does not have that role.

Steps
1. On the menu bar of the client window, click Security > Role Management to open the
Role Management view.
2. Right-click any node under Role on the tree of the Role Management pane, and click
Create Role to display role-creating parameters in the right pane, as shown in Figure
4-1.

Figure 4-1 Setting Parameters for a New Role

3. Under Basic Information in the right pane, set role name and description.
Table 4-1 explains the basic parameters of a role.

Table 4-1 Basic Parameters of a Role

| Parameter | Description | Value Range | Default Value |
|---|---|---|---|
| Role Name | Type the role name in this box. This parameter is mandatory. | 1–50 character(s) | new role1 (“1” is a sequence number) |
| Role Description | Type the description of the role. This parameter is optional. | 1–100 character(s) | - |
| Lock the Role | Select this check box if you want to lock the role. Once the role is locked, the user assigned with the role is deprived of corresponding operation permission. If a user is only assigned with the locked role, the system does not permit the login of this user. | - | Not selected |

4. Under Access Rights in the right pane, click a resource node on the Resource Tree
and then select an operation set from the option buttons on the right of the Resource
Tree.

Tip:

To select multiple resource nodes at a time, press and hold CTRL and then click the
resource nodes one by one. Or, to select continuous nodes on the tree, press
and hold SHIFT, and click the first and the last nodes.

Table 4-2 describes the parameters under Access Rights.

Table 4-2 Access Rights Parameters

| Parameter | Description |
|---|---|
| Resource Tree | The resource tree lists the resources in the network. You can select the resources to be managed by the role. To set a resource node (sub-node) with the same permission as its parent node, right-click the sub-node, and click Follow Parent Node’s Right. To set the sub-nodes with the same permission as a parent node, right-click the parent node, and click Synchronize Rights of Sub-nodes. |
| Operation Set | The system provides the following five operation sets by default. You can also customise other operation sets as needed: Administrator Right (Unavailable); System Maintenance Right; Operation Right; View Right; No Right; Operator View Right (available when the network sharing function is enabled). To view the details of an operation set, double-click the operation set to open the Operation Set Configuration dialogue box, where you can view specific authorities assigned. |

5. To know the meaning of different resource icons, click Legend at the bottom right. The
Role Right Icon Description dialog box appears, as shown in Figure 4-2.
The resource icons of different permissions are described in the dialog box.

Figure 4-2 Role Right Icon Description

6. Click OK.
– End of Steps –

Result
The newly-created role appears under Role in the Role Management pane.
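
The Context caution of this section (a user who can create users can assign any role except administrator) is worth checking before the right is granted. The following is an added example, not part of the guide or of the product: the data model, the operation identifiers and the accounts are constructed, role sets are ignored, and a locked role is assumed to add nothing when granted.

```python
"""Audit of the create-user caveat: which roles and operations a user can reach.

Added example. The data model, the operation identifiers and the accounts are
constructed; only the default role names come from the guide.
"""
from dataclasses import dataclass, field

ADMIN_ROLE = "AdministratorRole"    # the one role a user-creator cannot hand out
CREATE_USER = "create_user"         # hypothetical identifier for the create-user right


@dataclass(frozen=True)
class Role:
    name: str
    operations: frozenset           # every operation the role grants on any resource
    locked: bool = False


@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)


def held_roles(user, roles):
    """Unlocked roles assigned to the user (a locked role grants nothing)."""
    return {n for n in user.roles if not roles[n].locked}


def operations_of(role_names, roles):
    """Union of the operations granted by the named roles."""
    ops = set()
    for name in role_names:
        ops |= roles[name].operations
    return ops


def reachable_roles(user, roles):
    """Held roles plus every role the user could assign to an account they create."""
    held = held_roles(user, roles)
    if CREATE_USER not in operations_of(held, roles):
        return held
    grantable = {n for n, r in roles.items() if n != ADMIN_ROLE and not r.locked}
    return held | grantable


def audit(users, roles):
    """Return {user: (extra roles, extra operations)} for users who gain reach."""
    findings = {}
    for user in users:
        held = held_roles(user, roles)
        extra_roles = reachable_roles(user, roles) - held
        extra_ops = operations_of(extra_roles, roles) - operations_of(held, roles)
        if extra_roles:
            findings[user.name] = (sorted(extra_roles), sorted(extra_ops))
    return findings


def sample_inventory():
    """Constructed inventory; operation names are illustrative, not product values."""
    roles = {r.name: r for r in (
        Role(ADMIN_ROLE, frozenset({"create_user", "configure_ne", "backup", "view_alarm"})),
        Role("MaintenanceRole", frozenset({"configure_ne", "backup", "view_alarm"})),
        Role("HelpdeskRole", frozenset({"create_user", "view_alarm"})),
        Role("ViewerRole", frozenset({"view_alarm"})),
        Role("DecommissionRole", frozenset({"delete_ne"}), locked=True),
    )}
    users = [
        User("alice", {"HelpdeskRole"}),
        User("bob", {"ViewerRole"}),
        User("carol", {"ViewerRole", "DecommissionRole"}),
    ]
    return users, roles


if __name__ == "__main__":
    for name, (extra_roles, extra_ops) in audit(*sample_inventory()).items():
        print(f"{name}: can grant {extra_roles}, gaining {extra_ops}")
```

Any account that appears in the findings should be reviewed as if it already held the listed roles.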

4.3 Modifying a Customised Role


Context
An existing customised role can be modified as needed, including its description, locking
status, and role rights. Note that the role name is unmodifiable.
To modify a customised role, do the following:

Steps
1. On the menu bar of the client window, click Security > Role Management to open the
Role Management view.
2. Do one of the following to display the modifiable parameters of the role on the right
pane.
• Right-click a customised role under Role in the Role Management pane, and
click Modify Role on the shortcut menu.
• Click a role node under Role in the Role Management pane, and then click
Modify on the right pane.
3. Under Basic Information, modify the role description and change the locking status
of the role as needed.
4. Under Access Rights, modify the operation set of a resource.
a. Click the resource node on the Resource Tree.

b. Select another operation set from the operation set list.

Note:
For description of the role parameters, refer to the section “Creating a Role”.

5. Click OK to finish.
– End of Steps –

Result
If a user assigned with the role to be modified has already logged in to the system, the
system will force the user to log out after the operation permission of the role is successfully
modified. The operation permission of this user changes correspondingly after another
login.

4.4 Duplicating a Role


Context
By duplicating an existing role, either default or customised, you can quickly create a new
role similar to the existing role without repeatedly setting the properties for the new role.
To create a new role by duplicating an existing role, do the following:

Steps
1. On the menu bar of the client window, click Security > Role Management to open the
Role Management view.
2. Under Role in the Role Management pane, right-click the role to be duplicated,
and then click Duplicate Role.
3. Modify parameters on the right pane as needed.

Note:
• For the description of the role parameters, refer to the section “Creating a Role”.
• The default AdministratorRole cannot be duplicated.

4. Click OK.
– End of Steps –

Result
A new role appears under Role on the Role Management navigation tree. If you have not
modified the other properties while duplicating the existing role, the newly-created role with
a different name has the same operation permission as that of the duplicated one.

4.5 Deleting a Customized Role


Context
This function allows you to delete an unused role. Note that the default roles cannot be
deleted.

Steps
1. On the menu bar of the client window, click Security > Role Management to open the
Role Management view.
2. Under Role in the Role Management pane, right-click the role to be deleted,
and then click Delete Role.

3. In the pop-up Delete Role dialogue box, click Yes to delete the role.

Note:
Users assigned with the role to be deleted are listed in the Delete Role dialogue box.
• If the deleted role has been assigned to a user and this user has only been
assigned with this role, the user is also deleted.
• If the deleted role has been assigned to a user and this user has been assigned
with other roles besides this role, the operation permissions of this user change
correspondingly after the deletion of this role. If the user has logged in to the
system, the user will be forced to log out after this role is deleted.

– End of Steps –

Result
The deleted role disappears from the Role Management pane.

4.6 Viewing the Users Assigned with a Selected Role


Context
This function allows you to view the users to whom a selected role is assigned. When you
want to modify or delete a role, you might want to use this function to decide whether to
carry out the modification or deletion.

Steps
1. On the main menu, select Security > Role Management to open the Role
Management view.
2. Under Role on the tree of the Role Management pane, right-click the role you want
to view, and click View Assigned Users.
3. An Assigned Users dialogue box pops up, where you can view the users assigned
with that role.
4. Click OK to finish.
– End of Steps –

4.7 Locking a Customised Role


Prerequisites
• The role to be locked is available and unlocked.

Context
The role-locking function only supports customised roles. If you need to lock a customised
role, do the following:

Steps
1. On the menu bar of the client window, click Security > Role Management to open the
Role Management view.
2. Do one of the following to display the role-modifying parameters in the right pane.
• Right-click a customised role under Role on the tree of the Role Management
pane, and click Modify Role from the shortcut menu.
• Click a role node under Role in the Role Management pane, and then click
Modify on the right pane.
3. Under Basic Information in the right pane, select the Lock the Role check box.
4. Click OK.
– End of Steps –

Result
If a user has been assigned with the locked role and the user has logged in to the system,
the user will be prompted to re-log in. After the user logs in to the system again, the
operation set changes correspondingly to No Right.

Chapter 5
Role Set Management
Table of Contents
Introduction to Role Set Management
Creating a Role Set
Modifying a Customised Role Set
Duplicating a Role Set
Deleting a Role Set
Viewing the Users Assigned with a Selected Role Set
Locking a Role Set

5.1 Introduction to Role Set Management


A role set is the collection of several roles. A user assigned with a role set owns the
operation permissions specified by all the roles in the role set. By using a role set, you can
assign required operation permissions of several roles to a user, without having to assign
multiple roles.
NetNumen U31 supports the following role set management functions:
• Creating a Role Set: set the name, description, locking status and role members to
create a new role set.
• Modifying a Role Set: modify the description, locking status, and role members of an
existing role set.
• Duplicating a Role Set: duplicate an existing role set and create a new role set based
on the information of the duplicated role set.
• Deleting a Role Set: delete a useless role set.
• Locking a Role Set: lock a role set to disable the operation permission assigned to
the role set.
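
The rules stated in chapters 3 to 5 (a role set carries the permissions of all its roles, a locked role or role set grants nothing, and a deleted customised operation set is replaced by No Right) can be combined into one effective-rights calculation. The following is an added example, not product code: the classes, resource names and operation names are constructed, and allowing login through an unlocked role set whose members are all locked is an assumption the guide does not settle.

```python
"""Model of how roles, role sets and locking combine into effective rights.

Added example: classes, resource names and operation names are constructed;
only the default operation-set names and the lock/delete rules come from the guide.
"""
from dataclasses import dataclass, field

NO_RIGHT = "No Right"
DEFAULT_SETS = {"Administrator Right", "System Maintenance Right", "Operation Right",
                "View Right", NO_RIGHT, "Operator View Right"}


@dataclass
class Role:
    name: str
    rights: dict                    # resource node -> operation set name
    locked: bool = False


@dataclass
class RoleSet:
    name: str
    roles: list                     # member role names
    locked: bool = False


@dataclass
class User:
    name: str
    roles: list = field(default_factory=list)
    role_sets: list = field(default_factory=list)


class SecurityModel:
    def __init__(self, operation_sets, roles, role_sets):
        self.operation_sets = dict(operation_sets)   # set name -> set of operations
        self.operation_sets.setdefault(NO_RIGHT, set())
        self.roles = {r.name: r for r in roles}
        self.role_sets = {s.name: s for s in role_sets}

    def active_roles(self, user):
        """Unlocked roles held directly or through an unlocked role set."""
        names = set(user.roles)
        for set_name in user.role_sets:
            role_set = self.role_sets[set_name]
            if not role_set.locked:
                names.update(role_set.roles)
        return {n for n in names if not self.roles[n].locked}

    def can_log_in(self, user):
        """No assignment: login allowed. Only locked assignments: login refused."""
        if not user.roles and not user.role_sets:
            return True
        # Assumption: an unlocked role set counts even if all its members are locked.
        return (any(not self.roles[n].locked for n in user.roles) or
                any(not self.role_sets[n].locked for n in user.role_sets))

    def effective_operations(self, user, resource):
        """Union of the operations every active role grants on the resource."""
        ops = set()
        for name in self.active_roles(user):
            set_name = self.roles[name].rights.get(resource, NO_RIGHT)
            ops |= self.operation_sets[set_name]
        return ops

    def delete_operation_set(self, set_name):
        """Delete a customised set; roles that used it fall back to No Right."""
        if set_name in DEFAULT_SETS:
            raise ValueError("default operation sets cannot be deleted")
        del self.operation_sets[set_name]
        affected = []
        for role in self.roles.values():
            hit = [res for res, s in role.rights.items() if s == set_name]
            for res in hit:
                role.rights[res] = NO_RIGHT
            if hit:
                affected.append(role.name)   # users of these roles are logged out
        return sorted(affected)


def sample_model():
    """Constructed inventory; the contents of each operation set are illustrative."""
    return SecurityModel(
        {"View Right": {"view"}, "Operation Right": {"view", "operate"},
         "AlarmAck": {"view", "ack_alarm"}},
        [Role("NocViewer", {"RAN-West": "View Right"}),
         Role("AlarmDesk", {"RAN-West": "AlarmAck"}),
         Role("FieldOps", {"RAN-West": "Operation Right"}, locked=True)],
        [RoleSet("NocShift", ["NocViewer", "AlarmDesk"]),
         RoleSet("Frozen", ["AlarmDesk"], locked=True)],
    )


if __name__ == "__main__":
    model = sample_model()
    dana = User("dana", role_sets=["NocShift"])
    print(sorted(model.effective_operations(dana, "RAN-West")))
```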

5.2 Creating a Role Set


Context
This function allows you to create a role set made up of the roles you select.

Steps
1. On the menu bar of the client window, click Security > Role Management to open the
Role Management view.

2. In the Role Management pane, right-click Role Set or any node under Role Set, and
then click Create Role Set.
3. Set parameters of the new role set in the right pane, as shown in Figure 5-1.

Figure 5-1 Parameters for Creating a Role Set

• The button is used to add all roles in the Available Roles list box to the
Assigned Roles list box.

Table 5-1 explains the basic parameters of a role set.

Table 5-1 Basic Parameters of a Role Set

| Parameter | Description | Value Range | Default Value |
|---|---|---|---|
| Role Set Name | Enter the role set name in this box. This parameter is mandatory. | 1–50 character(s) | new roleset1 |
| Role Set Description | Enter the description of the role set. This parameter is optional. | 1–100 character(s) | - |
| Lock the Role Set | Select this check box if you want to lock the role set. Once the role set is locked, the user assigned with the role set is deprived of corresponding operation permission. If a user is only assigned with the locked role set, the system does not permit the login of this user any longer. | check box | Not selected |
| Available Roles | Select the necessary roles, and click the button to assign them to the role set. | The first four roles are default, while the others are customised. | Read from the existing roles |
| Assigned Roles | This box lists the roles already assigned to the role set. | Available roles in the Available Roles box | - |

4. Click OK.
– End of Steps –

Result
The newly-created role set appears under Role Set on the Role Management navigation
tree.

5.3 Modifying a Customised Role Set


Context
A role set created by the user can later be modified, including its description, locking
status, and roles assigned. Note that the name of the role set is unmodifiable.
To modify a role set after its creation, do the following:

Steps
1. On the menu bar of the client window, click Security > Role Management to open the
Role Management view.
2. On the Role Management navigation tree, right-click the role set to be modified under
Role Set, and then click Modify Role Set.
3. Do one of the following to display modifiable parameters of the role set in the right
pane.

• Right-click the role set node under Role Set in the Role Management pane, and
click Modify Role Set on the shortcut menu.
• Click the role set node under Role Set in the Role Management pane, and click
Modify in the right pane.

Note:
For description of the role set parameters, refer to the section “Creating a Role Set”.

4. Under Basic Information, modify the role set description and change the locking
status of the role set as needed.
5. Under Role Set Assignment, add new roles to the Assigned Roles list box or remove
existing roles from it.
6. Click OK to finish.
– End of Steps –

Result
If a user assigned with the role set to be modified has already logged in to the system,
the system will force the user to log out after the operation permission of the role set is
successfully modified. The operation permission of this user changes accordingly upon
next login.

5.4 Duplicating a Role Set


Context
This function copies all attributes of the selected role set to a new one, which you can
modify to quickly create a new role set similar to the existing one.

Steps
1. On the menu bar of the client window, click Security > Role Management to open the
Role Management view.
2. Under Role Set in the Role Management pane, right-click the role set to be duplicated,
and then click Duplicate Role Set.

3. Modify parameters in the right pane as needed.

Note:
For description of the role set parameters, refer to the section “Creating a Role Set”.

4. Click OK.
– End of Steps –

Result
A new role set appears under Role Set in the Role Management pane. If you have not
modified the other properties while duplicating the existing role set, the newly-created role
set with a different name has the same locking status, description and role members as
those of the duplicated one.

5.5 Deleting a Role Set


Context
This function allows you to delete a useless role set.

Steps
1. On the menu bar of the client window, click Security > Role Management to open the
Role Management view.
2. Under Role Set in the Role Management pane, right-click the role set to be deleted,
and then click Delete Role Set.

3. In the pop-up Confirm dialogue box, click Yes to delete the role set.
– End of Steps –

Result
The deleted role set disappears from the Role Management pane.

Note:
• If the deleted role set has been assigned to a user and this user has only been
assigned with this role set, the user is also deleted.
• If the deleted role set has been assigned to a user and this user has been assigned
with other role sets besides this role set, the operation permission of this user changes
accordingly after the deletion of this role set. If the user has logged in to the
system, the user will be forced to log out after deletion of this role set.

5.6 Viewing the Users Assigned with a Selected Role Set

Context
This function allows you to view the users to whom the role set is assigned.

Steps
1. On the main menu, select Security > Role Management to open the Role
Management view.
2. Right-click a role set on the navigation tree, and click View Assigned Users.
3. The Assigned Users dialogue box pops up, listing all the users assigned with the role
set selected in step 2.

4. Click OK to finish.
– End of Steps –

5.7 Locking a Role Set


Abstract
After a role set is locked, the user(s) assigned with the role set cannot perform the
operations in the role set.

Prerequisites
The role set to be locked is available and unlocked.

Steps
1. On the menu bar of the client window, click Security > Role Management to open the
Role Management view.
2. On the Role Management pane, right-click the role set to be locked under Role Set,
and then click Modify Role Set.

3. Under Basic Information in the right pane, select the Lock the Role Set check box.
4. Click OK.

Note:
If a user is assigned with the role set and the user has logged in to the system, the
user will be prompted to re-log in. After the user logs in to the system again, the user
will be assigned with the No Right operation set.

– End of Steps –

Chapter 6
Department Management
Table of Contents
Introduction to Department Management
Creating a Department
Modifying a Department
Deleting a Department

6.1 Introduction to Department Management


The concept of department is used in the NetNumen U31 system for managing users
according to their actual administrative divisions. In practical applications, you can create
departments where users belong according to the functions of actual network management
departments.
NetNumen U31 supports the following department management operations:
• Creating a Department
• Modifying a Department
• Deleting a Department

6.2 Creating a Department


Context
The system provides a root department by default. All newly-created departments are
subordinates of the root department.
To create a new department, do the following:

Steps
1. On the menu bar of the client window, click Security > User Management to open
the User Management view.

2. On the tree in the User Management pane, right-click Root Department, and click
Create Sub-department to activate the Basic Information tab in the right pane, as
shown in Figure 6-1.


Figure 6-1 Department Basic Information

3. Set parameters for the new department.


a. On the Basic Information tab, type the department name and description in the
Department Name and Department Description boxes.
b. On the Root Department tree, select the superior department for the department
to be created.

Table 6-1 describes the parameters on the Basic Information tab.

Table 6-1 Description of Department Parameters

Parameter | Description | Value Range | Default Value
Department Name | The department name. This parameter is mandatory. | 1–50 character(s) | “New Department”+Number (A sequence number)
Department Description | The description of the department to be created. This parameter is optional. | 1–100 character(s) | -
Root Department Tree | Set the superior department to which the new department belongs. | Departments from the navigation tree | Root Department

4. Click OK to create the new department.


– End of Steps –


Result
The newly-created department appears on the User Management navigation tree.

6.3 Modifying a Department


Context
An existing department can be modified as needed, including its description and superior
department.

Note:

You can also modify the name of the default root department provided by the system
according to the actual situation.

To modify a department, do the following:

Steps
1. On the menu bar of the client window, click Security > User Management to open
the User Management view.
2. Do one of the following to activate the Basic Information tab in the right pane:
• On the tree in the User Management pane, right-click the department to be
modified, and then click Modify from the shortcut menu.
• On the bottom of the Basic Information tab, click the Modify button.

3. On the Basic Information tab, modify the description of the department, and/or
change its superior department as needed.
4. Click OK to save the modification.

– End of Steps –

6.4 Deleting a Department


Context
When a department is no longer in use, you can delete it. Note that a department that
has sub-departments cannot be deleted. Therefore, if the department has subordinate
departments and users, remove the subordinate departments and users before
deleting it.


Steps
1. On the menu bar of the client window, click Security > User Management to open
the User Management view.
2. On the tree in the User Management pane, right-click the department to be deleted,
and then click Delete on the shortcut menu.
3. In the pop-up Confirm dialogue box, click Yes to delete the department.
– End of Steps –

Result
The deleted department disappears from the User Management pane.



Chapter 7
User Management
Table of Contents
Introduction to User Management
Creating a User
Modifying a User
Duplicating a User
Deleting a User

7.1 Introduction to User Management


User management is the most important part of the security management. By using user
management functions, the system administrator can create users, query the information
of users, modify users, assign rights to users, set the working period for users, query the
login logs of users, delete users, and lock users.
After creating new users, the administrator must ensure that only trustworthy people have
the created user accounts and each person has a proper account.
You can use the name and password of a created user to log in to the NetNumen U31
system and perform management operations according to the operation permission
assigned to the user.

7.2 Creating a User


Context
As an administrator, you can create a user by setting its user name and password. Besides,
you can set the following parameters:
• account valid duration
• role (role set)
• department
• concurrent logins
• working time range
• login IP address
• login MAC address
The maximum number of sessions supported by the system depends on the installation
mode:
1. Installation mode 1: 20 sessions
2. Installation mode 2: 50 sessions


3. Installation mode 3: 100 sessions
4. Installation mode 4: 200 sessions

Steps
1. On the menu bar of the client window, click Security > User Management to open
the User Management window.
2. In the left User Management pane, right-click a department node on the Root
Department tree, and then click Create User to activate the tabs in the right pane,
as shown in Figure 7-1.

Figure 7-1 Creating a User (Basic Information Tab)

3. On the Basic Information tab, set the basic information by referring to the
parameters explained in Table 7-1.

Table 7-1 Parameters on the Basic Information Tab

Parameter | Description | Value Range
User Name | The user name, which will be used for login. This parameter is mandatory. | 1 to 30 character(s)
Full Name | Detailed information related to the new user. | 1 to 100 character(s)
User Password | The login password, whose length must meet the requirements specified by the user account rule. For how to view and customise the user account rule, please refer to Chapter 2. | 1 to 100 character(s)
Confirm Password | Type the same password again in this box to confirm the password. | 1 to 100 character(s)
User Must Modify Password Before Next Login | To require the user to modify the password before logging in to the system again, select this check box. | -
User Can not Change Password | To forbid the user to change the password, select this check box. | -
Set User Maximum Password Age (days) | Select this check box to set the maximum password validity duration. | 1 to 500
Set User Minimum Password Age (days) | Select this check box to set the minimum password validity duration. | 1 to 499
Disable | Select this check box, and the created user is disabled and can not be used for login. | -
Auto Disable in Case of Idle Account for the Following Period(days) | Select this check box to set the restriction on idle days of the account, and the system will automatically disable the user when the account is not used for the preset period (days). | 1 to 500
Set Account Validity (days) | Set the validity period of the user account. | 1 to 500
Set Account Stop (days) | Set the duration in which the account is disabled. | 1 to 500 (default value: 90)


Note:
The User Status area on the lower part of the Basic Information tab shows the
information of the user after successful creation of the user, including the creator,
creation time, and password activation time of the user.

4. Click the Right tab, and then select one or more role(s) and/or role set(s) that you
want to assign to the user.

Note:
Click , to open the Role Management view for
creating new roles or role sets.

5. Click the Log View Range tab, and set the log viewing rights by selecting one or
more roles from the Role Tree.

Note:
A user assigned the administrator role can view all logs. Other users can only
see their own logs and the logs of users with the roles specified in this step.

6. Click the User Department tab, and then select the department that the user belongs
to.

Note:

A user can only belong to one department. The default department of a new user is
the Root Department.

7. Click the Advanced Information tab to set the advanced information of the new user
by referring to Table 7-2. The tab is shown in Figure 7-2.


Figure 7-2 Creating a User (Advanced Information Tab)

On the Advanced Information tab, you can add more user information, and restrict
the work time duration and allowed IP range.

Table 7-2 Description of Advanced User Parameters

Parameter | Description | Value Range
User Descriptions | The detailed information of the user to be created. This parameter is optional. | 1 to 100 character(s)
Phone Number | The phone number of the user. This parameter is optional. | 1 to 50 number(s) and hyphen(s)
Email | A valid Email address. This parameter is optional. | 1 to 100 characters
Concurrent Logins | The maximum number of concurrent login users that use the same user account. (The system supports ten concurrent users by default) | 1 to 255. Default value: 10. Suggested value: 1
Login Type | Login type of the user. | Password(Default), USBKey
User Working Time | Click Set Or View the Working Time to set or view the working hours and holidays of the user. | All hours
IP Range | Click Add to set the allowed IP range for login. The login from out-of-range IP addresses will be refused. | 0.0.0.0 to 255.255.255.255
GUI MAC Bind Setting | Click Add to set the allowed MAC address. | Valid MAC address

Note:
If the value of Concurrent Logins is set to a number larger than 1, multiple users
can use the same account. In this case, it is difficult to decide which user performs a
certain operation. Therefore, it is recommended to set this parameter to 1.

8. Click the Operator Information tab, and set the information of the telecommunications
operator (the operation can be performed when the RAN network sharing function is
enabled).

Condition | Operation
The operator has been added. | i. Select the Set PLMN Information of the User check box. ii. Select the PLMN information from the drop-down box.
The operator has not been added. | i. Click the View or Set Operators button. ii. In the Operator Maintenance dialog box, add the operator information.

9. Click OK to finish.
– End of Steps –

Result
The newly-created user appears on the tree in the User Management pane.
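
An audit pass over user records that applies the value ranges in Tables 7-1 and 7-2 and the Concurrent Logins recommendation from the note in step 7. This is an added example, not part of NetNumen U31 or of this guide: the record layout, field names and sample users are constructed, and the review criteria other than the Concurrent Logins one (including the 2^16-address threshold) are assumptions chosen for the example.

```python
import ipaddress

# Value ranges from Tables 7-1 and 7-2; the field names are hypothetical.
VALUE_RANGES = {
    "max_password_age": (1, 500),
    "min_password_age": (1, 499),
    "idle_disable_days": (1, 500),
    "concurrent_logins": (1, 255),
}
DEFAULT_CONCURRENT_LOGINS = 10  # default value given in Table 7-2
WIDE_RANGE = 2 ** 16            # assumption: a larger range counts as unrestricted


def range_size(start, end):
    """Number of addresses in an inclusive start-end IPv4 range."""
    lo, hi = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    if hi < lo:
        raise ValueError(f"range end {end} is below range start {start}")
    return int(hi) - int(lo) + 1


def audit_user(user):
    """Return a list of findings for one user record (empty list = clean)."""
    findings = []
    for field, (low, high) in VALUE_RANGES.items():
        value = user.get(field)
        if value is not None and not low <= value <= high:
            findings.append(f"{field}={value} outside {low}-{high}")

    logins = user.get("concurrent_logins")
    if (DEFAULT_CONCURRENT_LOGINS if logins is None else logins) > 1:
        # The guide recommends 1 so that each operation maps to one person.
        findings.append("concurrent_logins > 1: account can be shared")

    max_age, min_age = user.get("max_password_age"), user.get("min_password_age")
    if max_age is None:
        findings.append("no maximum password age set")
    elif min_age is not None and min_age >= max_age:
        findings.append("minimum password age is not below the maximum")

    if user.get("cannot_change_password"):
        findings.append("user cannot change own password")
    if user.get("idle_disable_days") is None:
        findings.append("idle account is never auto-disabled")

    # Assumption: an empty list means no IP restriction was configured.
    ranges = user.get("ip_ranges") or []
    if not ranges or any(range_size(s, e) > WIDE_RANGE for s, e in ranges):
        findings.append("login not restricted to a narrow IP range")
    return findings


def audit_all(users):
    """Map user name -> findings, listing only users that have findings."""
    report = {u["name"]: audit_user(u) for u in users}
    return {name: found for name, found in report.items() if found}


# Constructed sample records, not an export format of the product.
SAMPLE_USERS = [
    {"name": "noc_shift", "concurrent_logins": 10, "max_password_age": None,
     "idle_disable_days": None, "cannot_change_password": True, "ip_ranges": []},
    {"name": "operator_a", "concurrent_logins": 1, "max_password_age": 90,
     "min_password_age": 1, "idle_disable_days": 60,
     "cannot_change_password": False,
     "ip_ranges": [("10.20.30.0", "10.20.30.255")]},
    {"name": "operator_b", "concurrent_logins": 1, "max_password_age": 30,
     "min_password_age": 45, "idle_disable_days": 600,
     "ip_ranges": [("0.0.0.0", "255.255.255.255")]},
]

if __name__ == "__main__":
    for name, found in audit_all(SAMPLE_USERS).items():
        print(name)
        for item in found:
            print("  -", item)
```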

7.3 Modifying a User


Context
All properties of an existing user can be modified except the user name. Before
modification, you can also view the attributes of a user.


Note:
You can also modify the default system administrator (admin) provided by the system as
an administrator. However, some of the admin user’s properties can not be modified. For
example, it is not allowed to change the user working time or disable the admin account.

To modify the attributes of a user, do the following:

Steps
1. On the menu bar of the client window, click Security > User Management to open
the User Management view.
2. Do one of the following to activate the tabs in the right pane, as shown in Figure 7-3.
• In the User Management pane, right-click the user to be modified and then click
Modify on the shortcut menu.
• In the User Management pane, click the user to be modified, and then click
Modify in the right pane.

Figure 7-3 Modifying a User


Note:
For the description of parameters on these tabs, refer to the previous section “Creating
a User”.

3. On the Basic Information tab, modify the basic parameters of the user except the
user name.
4. If you want to reassign role(s) or role set(s) to the user, click the Right tab and then
modify the selection of role(s) or role set(s) as needed.

5. If you want to change the log viewing rights of the user, click the Log View Range tab,
and select necessary role(s) whose logs the user can view.
6. If you want to change the department of the user, click the User Department tab and
then select the department you want.
7. If you want to modify the advanced information of the user, including detailed
information, phone number, Email address, and IP range, click the Advanced
Information tab and modify the parameters as needed.
8. Click OK to save the modifications.
– End of Steps –

Result
The attributes of the user change accordingly after modification.

Note:
If the operation permissions of a login user are modified, the system will force the user to
log out. After another login, the user permissions will be updated.
If the password of a login user is modified, the system will force the user to log out. After
another login, the user permissions will be updated.

7.4 Duplicating a User


Context
By duplicating an existing user, you can quickly create a new user similar to the existing
one by modifying required parameters already set for the existing user.


Note:
The system does not support the duplication of the default system administrator (admin).

To create a new user by duplicating an existing user, do the following:

Steps
1. On the menu bar of the client window, click Security > User Management to open
the User Management view.
2. In the User Management pane, right-click the user to be duplicated, and then click
Duplicate to activate the tabs in the right pane, as shown in Figure 7-4.

Figure 7-4 Duplicating a User

3. On the Basic Information tab, enter a new user name in the User Name text box.

Note:
The name of a user must be unique in the system.


4. If you want to create a new user with the same properties as the duplicated user,
proceed to the next step.
If you want to modify some attributes to create a user with different properties, modify
parameters on the corresponding tabs.
5. Click OK.
– End of Steps –

Result
A new user appears on the tree in the User Management pane.

7.5 Deleting a User


Context
When a user is no longer in use, you can delete it. Note that the default system
administrator (admin) cannot be deleted.

Steps
1. On the menu bar of the client window, click Security > User Management to open
the User Management view.
2. On the User Management pane, right-click the user to be deleted, and then click
Delete.
3. In the pop-up Confirm dialogue box, click Yes to delete the user.
– End of Steps –

Result
The user disappears from the User Management pane. If the user has logged in to the
system, it will be forced to log out. The deleted user cannot be used any longer.



Chapter 8
Other Functions
Table of Contents
Viewing User Lockup Records
Modifying the Passwords of All Common Users
Managing Current Login Users
Set User Blacklist
Viewing the Network Element Login Users
Modifying the User Login Password
User Login

8.1 Viewing User Lockup Records


Context
If the number of times that a user types the wrong passwords exceeds the preset number
in the user account rule, the system will lock the user account. You can view the locked
user accounts and unlock them after logging in to the system as an administrator.

Note:
For the description of the user account rule, refer to the section “Customising User Account
Rule” in Chapter 2 in this operation guide.

To view the user lockup records, do the following:

Steps
1. On the menu bar of the client window, click Security > User Lock Details.

2. View the user lockup records in the pop-up User Lock Details dialogue box, which
lists the user name, IP address, and the locking time.

Tip:

To get the latest information of locked user accounts, you can click Refresh.


3. If you do not wish to unlock any locked user, go to step 4.


If you need to unlock a locked user, select the corresponding row, and click Unlock.
Then click Yes in the pop-up Confirm dialogue box.
4. Click Close to finish.
– End of Steps –

8.2 Modifying the Passwords of All Common Users


Context
A common user refers to a non-administrator user. This function allows you to set the
passwords of all common users as the same one. The new unified password is not
restricted by any password rule. However, any common user can change their own
password after this modification, except that the specific user’s password used before
this modification cannot be used during the next 100 days.

Steps
1. On the menu bar of the client window, click Security > Modify All Common Users'
Password to open the Modify All Common Users' Password dialogue box.
2. Type the same password in the New Password and Confirm Password boxes.
3. Click OK.
– End of Steps –

Result
The passwords of all common users are set as the same one.

8.3 Managing Current Login Users


Context
This function allows you to view the information of all current login users of the EMS system,
including the following details:
• User name
• Login IP
• Login time
• Connection Type
• Idle duration

Steps
1. On the menu bar of the client window, click Security > Login User Management to
open the Login User Management dialogue box, as shown in Figure 8-1.


Figure 8-1 Login User Management

2. Click a user in the Login User Management dialogue box, and choose one or more
of the following operations to manage login users if necessary.
• Click Send Message to send a message to another client that connects to the
same NetNumen U31 server (same IP address) that the current client connects
to.
• Click Force to Log out to force the user to log out.
• Click Refresh to get the latest information of login users.
3. Click Close to finish.
– End of Steps –

8.4 Set User Blacklist


Context
Only the administrator user is authorised to set the blacklist. The users in the blacklist can
not log in to the system.

Steps
1. On the main menu, click Security > User Blacklist to open the User Blacklist
dialogue box, in which the All Users pane and the Users in blacklist pane list all
non-blacklist and blacklist users respectively.
2. Set the blacklist users in the User Blacklist dialogue box by referring to Table 8-1.
Table 8-1 Button Description

Button Function

Add the user into the User Blacklist.

Remove the user from the User Blacklist.


Note:
To select more than one user, press and hold CTRL or SHIFT on the keyboard
while selecting users.

3. Click OK, and the Confirm dialogue box opens.


4. Click OK to finish.

Note:

Reverse the operation to remove a user from the blacklist.

– End of Steps –

8.5 Viewing the Network Element Login Users


Context
This function allows you to view the users that log in to the lower-level EMS. The
information you can get includes:
• NE server name
• User name
• Login IP
• Login time
• Connection type

Steps
1. On the main menu, click Security > View NE Login User to open the View NE Login
User dialogue box.

2. Click Refresh to refresh the NE login user’s information.

3. Click Close to close the dialogue box and finish.


– End of Steps –

Result
The information of the NE login users is displayed.


8.6 Modifying the User Login Password


Abstract
Only the password of the login user can be modified. A user password must contain at
least 6 characters and combine at least three of the following character types:
numbers, lower-case letters, upper-case letters, and other characters. The
password must not be identical to the user account, must not be the reverse of the
user account, and must not be a common word. During password modification, the new
password must be different from the previous five passwords.

Note:
After the initial installation, the password of the system administrator (admin) is null. It
is strongly recommended that you modify the password of user admin after the initial
installation.

Steps
1. On the main menu, select System > User Password Setting. The
User Password Setting dialog box appears.
2. Set the new password, and click OK.

Error messages
• New password cannot be the same as the old one.
• Password is too short.
• Password does not match the following rule: password must include at least three
of the following four types: numbers, lowercase letters, uppercase letters, other
characters.
• Password does not match the following rule: password cannot be the same as
user name; Can not be the same as double repeat of username; Can not be the
reverse of user name.
– End of Steps –
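
The rules stated in this section and in its error messages, written as a check that a provisioning or audit script outside the EMS could apply to a candidate password. This is an added example, not NetNumen U31 code: the function names, the constructed common-word list, the case-insensitive user-name comparison and the salted PBKDF2 password history are assumptions.

```python
import hashlib
import hmac
import os

MIN_LENGTH = 6            # "at least 6 characters"
MIN_CLASSES = 3           # three of the four character types
HISTORY_DEPTH = 5         # "different from the previous five passwords"
PBKDF2_ROUNDS = 100_000   # assumption: the guide does not say how history is stored
# Constructed sample list; a real deployment would load a dictionary file.
COMMON_WORDS = {"password", "welcome", "administrator", "qwerty", "letmein"}


def hash_password(password, salt=None):
    """Return (salt, digest) so the history never holds clear-text passwords."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


def character_classes(password):
    """Count how many of the four character types from the guide are present."""
    return sum([
        any(c.isdigit() for c in password),
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(not (c.isdigit() or c.islower() or c.isupper()) for c in password),
    ])


def check_password(username, new_password, history=()):
    """Return the list of violated rules; an empty list means accepted.

    history holds (salt, digest) pairs, newest first, so history[0] is the
    current password and the first five entries are the ones that count.
    """
    problems = []
    if len(new_password) < MIN_LENGTH:
        problems.append("too short")
    if character_classes(new_password) < MIN_CLASSES:
        problems.append("fewer than three character types")

    # Assumption: compared case-insensitively, stricter than the guide states.
    user, candidate = username.lower(), new_password.lower()
    if candidate in (user, user * 2, user[::-1]):
        problems.append("derived from user name")
    if candidate in COMMON_WORDS:
        problems.append("common word")

    # Re-hash the candidate with each stored salt; compare in constant time.
    for salt, digest in list(history)[:HISTORY_DEPTH]:
        if hmac.compare_digest(hash_password(new_password, salt)[1], digest):
            problems.append("reuses one of the previous five passwords")
            break
    return problems


if __name__ == "__main__":
    past = [hash_password(p) for p in ("Old#Pass1", "Older#Pass2")]
    for candidate in ("Nm5#tunnel", "Ab1", "1rotarepo", "Old#Pass1"):
        print(candidate, "->", check_password("operator1", candidate, past) or "accepted")
```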

8.7 User Login


Steps
1. Start the NetNumen U31 client.

2. Log in to the client with an existing user account.


Tip:
If the user account does not exist or the password is incorrect, SSH failed is prompted.
After a successful login, the number of login failures of the current user, and the last
successful login date and time are displayed on the status bar of the NetNumen U31
client.

Error messages

• SSH failed
• User does not exist. It may be deleted.
• User password is incorrect.
• Client’s IP address is invalid.
• Client’s MAC address is invalid.
• Not in work time.
• The user’s password is expired.
• The user account is expired.
• The user is locked.
• The user is automatically disabled because of no login for <n> days.
• Maximum number of connections for the user is already reached.
• The max. client num of the system supported is reached, can not login!
• The user was set in the blacklist by admin, is forbidden to login.
– End of Steps –



Figures
Figure 1-1 Relation Model of Security Management
Figure 1-2 Centralized Security Management
Figure 2-1 Customising User Account Rule
Figure 3-1 Operation Set List
Figure 3-2 Viewing Permitted Operations
Figure 4-1 Setting Parameters for a New Role
Figure 4-2 Role Right Icon Description
Figure 5-1 Parameters for Creating a Role Set
Figure 6-1 Department Basic Information
Figure 7-1 Creating a User (Basic Information Tab)
Figure 7-2 Creating a User (Advanced Information Tab)
Figure 7-3 Modifying a User
Figure 7-4 Duplicating a User
Figure 8-1 Login User Management



Tables
Table 1-1 Security Management Example
Table 2-1 Parameters for Customising User Account Rule
Table 4-1 Basic Parameters of a Role
Table 4-2 Access Rights Parameters
Table 5-1 Basic Parameters of a Role Set
Table 6-1 Description of Department Parameters
Table 7-1 Parameters on the Basic Information Tab
Table 7-2 Description of Advanced User Parameters
Table 8-1 Button Description



Glossary
BSC
- Base Station Controller
BTS
- Base Transceiver Station
EMB
- Enterprise Message Bus
EMS
- Network Element Management System
GUI
- Graphical User Interface
J2EE
- JAVA 2 platform Enterprise Edition
