5 managing authorization conditions, Managing device areas, Viewing the device area list – H3C Technologies H3C Intelligent Management Center User Manual

33

5 Managing authorization conditions

An authorization policy defines one or more authorization conditions, and assigns each condition one

shell profile and one command set. Administrators can assign authorization policies to individual device

users or to device user groups. When a device user logs in to manage a device, TAM matches the user
with a condition and applies the shell profile and command set of the condition to the user for device

management.
An authorization condition is identified by the combination of the following three elements:

•

Device area—Area to which the device belongs. Operators can divide device areas by location or
network layer of the device.

•

Device Type—Type of the device. Command lines provided by devices of different types might be
different.

•

Time range—Time range during which a user logs in to manage the device.

TAM can authorize device users with different device login and management privileges according to the
device area, device type, and authorized time range.

Managing device areas

Operators can classify device areas by various criteria, for example, location or network layer. TAM

supports hierarchical management of device areas. You can divide a level-1 (top level) device area into
one or more level-2 device areas.
TAM supports a device area hierarchy of at most five levels. Two device areas in adjacent levels are

referred to as parent area and child area, respectively. For example, a level-1 device area is the parent

area of all its level-2 areas, and the level-2 device areas are the child areas of the level-1 device area.
A device area can contain only devices or sub-areas. If a device area already contains a device, you

cannot add sub-areas for it. If a device area has a sub-area, you cannot add devices to the device area.
TAM can authorize device users with different device login and management privileges according to the

device area.

Viewing the device area list

To view the device area list:

1.

Click the User tab.

2.

On the navigation tree, select Device User Policy > Authorization Conditions > Device Areas.
The Device Area list displays all device areas. The list includes the following columns:

{

Area Name—Device area name, which must be unique in TAM.
Click the name to view its details.

{

Description—Description of the device area for easy maintenance.

{

Device List—Click the Device List icon

for a device area to view its device list.