What is NFM-P user security?
User security mechanisms
This section describes the NFM-P user security mechanisms for providing and restricting access to various objects and functions. NFM-P user security includes the following:
-
user group and account management, which involves the following elements:
-
Scope of command roles — contains the roles that define the level of user control in NFM-P functional areas such as the read, create, update, and delete access permissions
-
Scope of command profiles — contains the appropriate scope of command role for the types of tasks to be performed
-
Span of control — list of objects to which a user has access
-
Span of control profiles — contains the required spans that allow group access to specific NFM-P objects
-
Span rules — directs the NFM-P to add new services to other spans in addition to the Default Service span
-
-
global security parameters such as password expiry periods, the allowed number of login attempts, and any automated security email notifications.
-
managing user-group workspaces, which are customized configurations of NFM-P GUI elements; see “NFM-P custom workspaces” in the NSP NFM-P User Guide for comprehensive workspace information
-
remote user access via LDAP/S, RADIUS, and TACACS+ authentication
-
deleting NFM-P security elements that are no longer required, such as inactive user accounts or user groups.
-
configuring task monitoring parameters and monitoring the progress of operational tasks:
Note: See Appendix A, Classic management scope of command roles and permissions for a list of the permissions, access levels, and descriptions of all predefined scope of command roles and profiles.
Integration with NSP user authentication
An NSP system in CAS mode can use an NFM-P system as an authentication agent. For an NSP system in OAUTH2 mode, the NFM-P cannot act as an authentication agent; instead, you must perform a user migration from the NFM-P local user database to the NSP local user database, as described in the NSP Installation and Upgrade Guide.