98 Chapter 4 BCM50 Security Policies and Accounts and Privileges
NN40020-600
After you create an account, you can assign groups to that account. Groups are sets of privileges
based on user tasks or roles. For example, if you have a user who is responsible for remote
monitoring, you can create an account for that user and then assign a group to the account; the
group that you assign would contain the appropriate privileges for that role. The BCM has default
groups available, but you can refine the privileges available within a group to suit the needs of
your network. In this example, you could assign the default group called Remote Monitoring,
which would allow the user to do such things as view metrics and alarms.
You can create up to 200 accounts that require privileges in Element Manager, such as IPSec and
PPP. This number does not include accounts supported for voicemail users and contact center
agents.
The User ID of account profiles created through the set-based interface cannot be modified
through the Element Manager.
Two default user accounts are provided:
• The nnadmin account is read only and cannot be deleted or disabled.
• The nnguest account provides customers with web-only access. All access to the Apache web
  server requires a valid administrator username and password.
Auditing for user accounts includes:
• creation date, time, and the user ID that created the account
• modify date, time, and the user ID that modified the account
• expiry date and time, if enabled
• login history, including failed attempts and the date and time of the last successful attempt
• an audit log that tracks logged-in user transactions, including user account changes
Remote users can have a callback number assigned as well. This feature allows authentication of
remote users calling in through a modem. After authentication, the BCM50 will call the user back
at the number specified.
Nortel recommends that each user have a separate user account (User Name) with a unique
password. These are set up by a user with administrator privileges in the Element Manager. The
password only shows up as asterisks on the Element Manager panel. If the password is lost, the
administrator can reset the password for the user by re-entering the password in the user account.
Each user can access their own user information and change their password. User accounts can be
disabled, either manually or through dated expiry.
On the telset administration menu (F9*8), only the administrator (SBAInstaller) can enable or
disable the telset user IDs and modify or delete telset user passwords.