How do I configure a role?

Purpose

A role object specifies access rights to specific NSP functions and network resources. Roles are assigned to user groups, bringing all access rights defined on the role to all members of the user group.

Consider the following before configuring a role:

  • If you intend to assign resource group access to a role, you must configure your resource groups before completing this procedure.

  • If you intend to assign Data Collection and Analysis resource access in this role, you must fully configure Data Collection and Analysis and the Analytics server, and you must assign Read/Write/Execute permission to either the Analyze/Assure category, or to Data Collection and Analysis.

  • A user with access to device discovery must also be given access to device management. Device management access is required to view discovered devices.

Note: Do not confuse the Access settings with the Deployment Control settings that are configured in the NSP settings; the Deployment Control settings determine which NSP views are activated and available.

Steps
 

Open Users and Security.


Select Roles from the drop-down list on the toolbar.


Click png13.png Create Role. The Create Role form opens.


In the Identification panel, specify a role name and description.

The Role Name and Description fields can employ only the following special characters: @ - _.

The Role Name string must not contain any spaces, including a leading or trailing space.


In the Characteristics panel, you can enable special designations for the role:

  • To create an administrative role with access to all resource groups and function, enable the Administrator check box.

    If you enable this option, no further steps are necessary. Click Create to save the role.

  • If the role is intended specifically for Lawful Intercept users, enable the Lawful Intercept check box.

    LI users are exempt from the User Activity Logging function.


To assign NSP functional access to the role, go to the Action Permissions panel and select an access level from the drop-down list for each NSP GUI you want to include in the role.

If you intend to assign Data Collection and Analysis resource access in this role, you must assign Read/Write/Execute permission to Data Collection and Analysis.


To assign network resource access to the role, go to the Resource Groups Access panel. (For a detailed explanation of the Resource Groups Access panel, see How do I set network resource access levels?.)

You can assign resource group access globally, to resource group categories, to individual resource groups, or a combination of these.

  1. You can assign resource group access globally by resource type. Enable either or both options:

    • Access To All Equipment assigns full permissions on all NE resource groups and port resource groups to the role.

    • Access To All Services assigns full permissions on all service resource groups to the role.

  2. Expand the resource group category for resource groups you want to include in the role. (For a detailed explanation of the Network Resource Access panel, see How do I set network resource access levels?.)

    • Select an access level from the drop-down list for each resource type you want to include in the role.

    • If you specify an access level to a resource group category, all resource groups within the category are included in the role at the same access level.

    If the Group Category list is empty or the resource group you are looking for does not appear, you can create resource groups in the Map Layouts and Groups view.


To assign Analytics resource access to the role, go to the Analytics Resource Access panel.

In order for the Analytics Resource Access panel to appear, Analytics reporting must be fully configured and running in NSP and you must assign Read/Write/Execute access to Analytics in this role.

Assign access to Analytics categories or individual Analytics resources in the Analytics Repository list:

  • To obfuscate specific Analytics report data for user groups associated with the role, enable the Data Anonymization check box.

  • Assign access to an entire Analytics category from by enabling its corresponding Permissions check box png33.png.

  • Assign access to individual Analytics resource items by expanding an Analytics category, selecting an Analytics resource, enabling its corresponding Permissions check box png33.png.

    Some Analytics categories have nested subcategories, each containing individual Analytics resources. An Analytics category or subcategory with access granted on all of its contained resources is displayed as fully-enabled png33.png. If access is granted on only some of its contained resources, it is displayed as partially-enabled png34.png.

Note: The View/Execute permissions for a report in an Analytics report repository do not apply to drill-downs.

For example, a user group has View/Execute permission for report A but no permission for report B. If report B is a drill-down from report A, users will be able to execute report A via report B, although this might not seem obvious.


Click Create to save your changes and return to the Roles list.

End of steps