1 three levels of security, 2 feature access level configuration, 3 add or edit an account – CANOGA PERKINS 9145EMP NID Software Version 4.0 User Manual


System Configuration

9145EMP NID Software User’s Manual

Account Configuration


3.4.1 Three Levels of Security

A three-level security system on the 9145EMP controls all user interface and SNMPv3 access.

Most Service Provider management networks provision certain access levels to technicians,
network administrators, and managers. Offering different access levels to critical applications
allows network administrators to keep closer watch on the entire network.

Every 9145EMP feature requires a certain access level. The access level of the logged-in user or
SNMPv3 manager is used to validate and control access to the 9145EMP features. When a menu
item or an SNMP object is accessed, the user’s access level is checked against the access
level required for the feature. If the user’s access level is sufficient, access is granted. If
the user’s access level is not sufficient, an error message is displayed in the status area or an
SNMP error is returned.

The three access levels are supervisor, operator, and observer.

In the default configuration, the supervisor access level is allowed complete access to all
9145EMP features including configuring the security system. The operator access level is
allowed access to the 9145EMP features except those relating to the 9145EMP’s security
system. This level can be configured by the administrator.

The observer access level is allowed access to the 9145EMP features that do not modify the
9145EMP’s configuration. This level can be configured by the administrator.

3.4.2 Feature Access Level Configuration

The assignment of access levels has a default configuration built into the 9145EMP. However, this
assignment can be changed by creating a text file called 9145e.cap and downloading it to the 9145EMP.
This file contains mappings between module features and the access level required to access
the feature. For example, the entry that controls access to the Maximum Frame Size setting
looks like the following:

maxFrameSize=operator

This entry indicates that to change the Maximum Frame Size, a user’s account must have
operator access level or greater.

The 9145e.cap file is downloaded to the 9145EMP via FTP, SFTP, or TFTP in the same
manner as a firmware file. The same file may be downloaded to
multiple 9145EMP units to ensure that each is following the same security rules.
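
A 9145e.cap file can be checked before it is downloaded, and compared against the copy intended for other units. The following is an added example, not code from the manual or from Canoga Perkins. Only the feature=level line shape and the maxFrameSize entry come from the manual; the exampleFeature names, the handling of blank lines, and the strict lowercase level names are assumptions.

```python
# Added example: lint a 9145e.cap-style file and model the access check.
# Only "feature=level" and maxFrameSize come from the manual; everything
# else (other feature names, blank-line handling) is an assumption.
LEVELS = {"observer": 1, "operator": 2, "supervisor": 3}

def parse_cap(text):
    """Return (mapping, problems) for a feature=level file."""
    mapping, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue  # assumption: blank lines are ignored
        feature, sep, level = (p.strip() for p in line.partition("="))
        if not sep or not feature:
            problems.append((lineno, "not a feature=level entry"))
        elif level not in LEVELS:
            problems.append((lineno, f"unknown access level {level!r}"))
        elif feature in mapping:
            problems.append((lineno, f"duplicate entry for {feature}"))
        else:
            mapping[feature] = level
    return mapping, problems

def is_allowed(mapping, feature, user_level):
    """Granted when the user's level is the required level or greater."""
    required = mapping.get(feature)
    if required is None:
        raise KeyError(feature)  # built-in default applies; not modeled here
    return LEVELS[user_level] >= LEVELS[required]

def drift(reference, other):
    """Features whose required level differs between two parsed files."""
    return {f: (reference.get(f), other.get(f))
            for f in sorted(set(reference) | set(other))
            if reference.get(f) != other.get(f)}

# Constructed sample input; exampleFeature* names are hypothetical.
SAMPLE = ("maxFrameSize=operator\n"
          "exampleFeatureA=supervisor\n"
          "exampleFeatureB=admin\n"
          "maxFrameSize=observer\n")
SAMPLE_OTHER = "maxFrameSize=observer\nexampleFeatureA=supervisor\n"

if __name__ == "__main__":
    rules, issues = parse_cap(SAMPLE)
    print("rules:", rules)
    print("problems:", issues)
    print("observer may set maxFrameSize:",
          is_allowed(rules, "maxFrameSize", "observer"))
    print("drift:", drift(rules, parse_cap(SAMPLE_OTHER)[0]))
```

The duplicate on the last sample line is reported rather than applied, because the manual does not say which entry the device would honor.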

3.4.3 Add or Edit an Account

To add an account, from the Account Configuration screen (Figure 3-17), type A and press Enter.
The Edit User Account screen (Figure 3-18) opens with all fields empty. When you have entered
the account information, press Esc to return to the Account Configuration screen.

To edit an account, type E and press the Space bar to select an account. The Edit User Account
screen (Figure 3-18) opens.