3 tam functions and common operations, Tam functions – H3C Technologies H3C Intelligent Management Center User Manual

3 TAM functions and common operations

TAM functions

TACACS+ Authentication Manager includes the following functional modules: Device User and Device User Policy.

The Device User module provides maintenance functions for user access from the perspective of access services. It includes the following functions:

All Device Users—Allows you to create and maintain accounts. Users are device users when they
log in and manage devices.

All Online Users—Online users are device users that have logged in to devices for device
management. On the online user list, you can view, trace, and maintain online users.

Blacklisted Users—Allows you to blacklist or unblacklist device users.

Log Management—Stores authentication logs, authorization logs, and audit logs generated during
device management. Operators can use them for troubleshooting and auditing.

LDAP User Management Users—LDAP users are device users that are bound with LDAP
synchronization policies. You can add, delete, or query LDAP users.

The Device User Policy module controls management rights of device users. It includes the following functions:

Quick Start—Provides an operation wizard for the device user policy management.

Authorization Policy Management—Defines the shell profiles and command sets to authorize to
device users in different scenarios. An authentication policy includes multiple access scenarios, and
each access scenario includes one shell profile and one command set.

Authorization Conditions—TAM can authorize device users according to different scenarios. Three
elements define a scenario: Device Area, Device Type, and Time Ranges. Scenarios that differ in
any one element are considered different scenarios.

Authorization Command—Device user login and device management privileges include shell
profiles and command sets. A shell profile controls device logins, and a command set controls
the commands that can be executed after user login.

Device List—A device list includes all devices that a device user can log in to and manage. You can
query, add, import, modify, move, and delete devices.

LDAP Service—The TAM component can associate the IMC device users with LDAP users. When a
device user initiates an authentication request, IMC first checks whether the device user exists in the
local database. If the user exists, IMC authenticates the device user locally or forwards the
authentication request to an LDAP server, depending on the configuration.

Service Parameters—Allows you to configure the global parameters for system running, including
system parameters and system operation log parameters.
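
The scenario-based authorization described above (Device Area, Device Type, and Time Range selecting one shell profile and one command set) can be modeled as follows. This is an added conceptual example, not H3C code or the TAM implementation. The area, type, profile, and command names are constructed, and the "no matching scenario means no authorization" rule and the command-matching rule are assumptions.

```python
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class Scenario:
    device_area: str
    device_type: str
    start: time           # time range start (inclusive)
    end: time             # time range end (exclusive); may wrap past midnight
    shell_profile: str    # controls device login
    command_set: tuple    # commands permitted after login

    def matches(self, area, dev_type, now):
        if self.start <= self.end:
            in_range = self.start <= now < self.end
        else:  # a range such as 18:00-08:00 wraps past midnight
            in_range = now >= self.start or now < self.end
        return (area, dev_type) == (self.device_area, self.device_type) and in_range

# Constructed sample policy: the two scenarios differ only in time range,
# so they are separate scenarios with separate authorizations.
POLICY = [
    Scenario("core", "router", time(8), time(18), "full-admin",
             ("display", "system-view", "interface")),
    Scenario("core", "router", time(18), time(8), "read-only", ("display",)),
]

def resolve(policy, area, dev_type, now):
    """Return the matching scenario, or None (assumption: no match, no authorization)."""
    for scenario in policy:
        if scenario.matches(area, dev_type, now):
            return scenario
    return None

def authorize_command(policy, area, dev_type, now, command):
    """Check a command against the command set of the scenario in effect."""
    scenario = resolve(policy, area, dev_type, now)
    if scenario is None:
        return False
    # Assumption: an entry permits the exact command or the command plus arguments.
    return any(command == c or command.startswith(c + " ")
               for c in scenario.command_set)

if __name__ == "__main__":
    for hour in (10, 23, 2):
        s = resolve(POLICY, "core", "router", time(hour))
        ok = authorize_command(POLICY, "core", "router", time(hour), "system-view")
        print(hour, s.shell_profile, ok)
```
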