LI functional tasks by user type

User authorization level

LI requires a dedicated user authorization level to setup the LI infrastructure on the NFM-P and corresponding NEs to configure and manage LI functions. The following user types are required to perform LI:

Note: For security, all LI functions in the NFM-P GUI, for example, menus, forms, parameters, policies, filters, and alarms, are hidden from view for all NFM-P user types except an LI user or LI administrator.

NFM-P admin LI tasks

The NFM-P admin user is responsible for the initial setup of the LI user or LI administrator accounts on the NFM-P. The setup includes the following tasks:

The NFM-P admin cannot perform the following LI functions:

NE admin tasks

The NE admin is responsible for the creation of an NE LI user profile and NE LI user account using a CLI on the NE that LI will be performed on. This is usually a one-time configuration.

NE LI user tasks

The NE LI user configures the NE LI user security on the NE using a CLI such as changing the password of the NE LI user account so it’s unknown to NE admin and to configure the SNMP data encryption used for the NE. This is usually a one-time configuration.

LI users or LI administrator tasks
CAUTION 

CAUTION

Service Disruption

An LI user password cannot be modified unless it is known. When an LI user password is not known, the LI user account is unavailable.

An LI user or LI administrator can perform the following LI related tasks on the NFM-P:

An LI administrator is an LI user who has been designated as the lead LI user who would normally create and maintain other LI user accounts once the NFM-P System admin has created the initial LI user account. This role is dependent/optional based on your NOC security requirements.

Note: Viewing or retrieving LI user activity records requires a user account with an assigned Lawful Interception Management scope of command role. The scope is restricted to the records of users in the same LI user group.

The NFM-P does not support LI user to execute CLI commands with LI user privilege on the node by using CLI scripts or by executing XML API API calls such as executeCLI or executeMultiCLI.

The following user account creation conditions apply to LI users and LI user groups.