Workflow: Configure User Access Control
Purpose
This workflow describes the recommended order of tasks to configure UAC across NSP. The sequence of tasks outlined here is especially recommended if you are setting up UAC in NSP for the first time. Once you have UAC deployed in NSP, you can configure your user groups, roles, and resource groups in any order.
Steps
Prerequisite: create group directories and resource groups | |
1 |
You create group directories and resource groups in Map Layouts and Groups. Resource groups (of NEs, ports, LAGs, or services) are applied to role objects to grant user access rights to network resources. See How do I create a group directory? and How do I configure a resource group? |
Optional: configure Analytics reporting | |
2 |
If you are using Analytics reporting in NSP, you must fully configure Analytic and the Analytics server prior to configuring Analytics resource access in your roles. You cannot configure resource access on a role if Analytics is not running in NSP. |
Create roles | |
3 |
Create roles according to the type of tasks your user groups will be performing, and the types of resources they will need to access. A role object specifies access rights to specific NSP functions and resources; ee How do I configure a role? |
Import or create users and user groups | |
4 |
Choose one of the following options:
You can also create local NSP users; see How do I create an NSP local user? |
Enable UAC | |
5 |
Note: When you enable UAC in NSP, individual users will see their specified access rights enforced when they login to NSP. The user access configuration you create are enforced in place of any previous access-control setup, except in the NFM-P and WS-NOC, which each employ local user management. Local NSP user access to NSP resources is always controlled through NSP, regardless of whether UAC is enabled or not. Once you have configured and reviewed your user groups and their associated roles, you can enable UAC; see How do I enable User Access Control? |
Update LDAP TLS certificate | |
6 |
If the TLS certificate of the LDAPS remote authentication source is updated, you must also update the LDAPS certificate on the NSP deployer host, as described in How do I update the NSP TLS certificate for LDAPS remote authentication? End of steps |