1 three levels of security, 2 feature access level configuration, 3 add or edit an account – CANOGA PERKINS 9145EMP NID Software Version 4.0 User Manual
Page 46

System Configuration
9145EMP NID Software User’s Manual
Account Configuration
31
3.4.1 Three Levels of Security
A three-level security system on the 9145EMP controls all user interface and SNMPv3 access.
Most Service Provider management networks provision certain access levels to technicians, 
network administrators, and managers. Offering different access levels to critical applications 
allows network administrators to keep closer watch on the entire network. 
All 9145EMP features require a certain access level for access. The logged in user or SNMPv3 
manager’s access level is used to validate and control access to the 9145EMP features. When 
accessing a menu item or an SNMP object the user’s access level is checked against the access 
level required for the feature. If the user’s access level is sufficient, then the access is granted. If 
the user’s access level is not sufficient, an error message is displayed in the status area or an 
SNMP error is returned.
The three access levels are supervisor, operator, and observer.
In the default configuration, the supervisor access level is allowed complete access to all 
9145EMP features including configuring the security system. The operator access level is 
allowed access to the 9145EMP features except those relating to the 9145EMP’s security 
system. This level can be configurable by the administrator. 
The observer access level is allowed access to the 9145EMP features that do not modify the 
9145EMP’s configuration. This level can be configurable by the administrator. 
3.4.2 Feature Access Level Configuration
The assignment of access levels has a default configuration built into the 9145EMP. Creating and 
downloading a text file called 9145e.cap to the 9145EMP can change this assignment, however. 
This file contains mappings between module features and the access level required to access 
the feature. For example, the entry that controls access to the Maximum Frame Size setting 
looks like the following:
maxFrameSize=operator
This entry indicates that to change the Maximum Frame Size, a user’s account must have 
operator access level or greater.
The 9145e.cap file is downloaded to the 9145EMP via the normal FTP/SFTP/TFTP in the same 
manner as downloading a firmware file to the 9145EMP. The same file may be downloaded to 
multiple 9145EMP's to ensure that each is following the same security rules.
3.4.3 Add or Edit an Account
To add an account, from the Account Configuration screen (Figure 3-17), type A and press Enter. 
The Edit User Account screen (Figure 3-18) opens with all fields empty. When you have entered 
the account information, press Esc to return to the Account Configuration screen.
To edit an account, type E and press the Space bar to select an account. The Edit User Account 
screen (Figure 3-18) opens.
