Nokia IPSO 4.0 manual Role-Based Administration, To add or edit a group

„Control who can log in through SSH.

For most other functions that are generally associated with groups, use the role-based administration feature, described in “Role-Based Administration” on page 293.

To add or edit a group

1.Click Groups under Configuration > Security and Access Configuration in the tree view..

2.Under Add Group Name, enter the name (eight or fewer characters) of the new group and a group ID number.

The group ID must be unique. Suggested values are between 101 and 65000. Range: 0- 65535. Nokia recommends that you reserve 0 to 100 for system use, although this is not enforced. Numbers 0 and 10 are reserved for the predefined Wheel and Other groups respectively. GIDs 65533 & 65534 are also reserved.

3.Click Apply.

The new group information appears on the page.

4.To add a new member to a group, enter the user name in the Add new member text box and click Apply.

5.To delete a member from the group, select the user name from the Delete member text box and click Apply.

6.Click Save to make your changes permanent.

Role-Based Administration

When you add a new user, the user is given read-only privileges to the Nokia Network Voyager home page and CLI prompt but cannot access other Network Voyager pages or execute commands from the CLI prompt. You must assign roles to the user to provide additional access privileges.

Role-based administration (RBA) allows IPSO administrators to create and use separate roles. With RBA, an administrator can allow users to access specific features by including the features in a role and assigning the role to users. Each role can include a combination of administrative (read/write) access to some features, monitoring (read-only) access to other features, and no access to still other features. This feature also provides improved auditing capabilities.

To assign a set of access permissions to a user, create a role that specifies levels of access to features you want to include, then assign this role to the relevant user. You can also specify which access mechanisms (Network Voyager or the CLI) are available to the user when you assign a role to the user.

If your system is part of a cluster, you can create and assign roles that provide access to the entire cluster for the associated features. See “Creating Cluster Administrator Users” for detailed information about this type of user.