How do I configure alarm access using roles?

Purpose

Users can manage alarms for objects that are included in the resource groups assigned to their roles. The tasks that users can perform depend on the access level provided to the resource groups. Consider the following:

  • Network objects that have multiple endpoints or components, such as SAPs, require access to all endpoints for alarm management. For example, users can only see alarms on physical links when they have access to both endpoints.

  • Viewing alarms on service-related objects requires access to the parent service and associated equipment.

  • In some cases, access level can be inherited from the parent object. For example, when no access level is granted for a port, any level of access granted to the parent NE will grant the same access level to the port.

  • In the Unhealthy NEs view, users must have access above “none” to view any NEs that might appear in the page.

The following table describes in more detail how the access levels of resource groups determine the type of alarm management tasks that users can perform.

Resource groups 1

Access level “none”

Access level “read”

Access level “write”

Access level “execute”

Equipment→Port

Port access is equal to the parent NE access.

  • Can see alarms on ports and associated SAPs if the user has access to the corresponding service.

  • Can see alarms on physical links if the user has access to both endpoints.

Can open affected object and impacted object.

Can open affected object and impacted object.

NE

No access to alarms on the NE and equipment.

  • Can see alarms on the NE and its equipment. Can see alarms on service sites and SAPs when the user has access to the corresponding service.

  • Can see alarms on physical links if the user has access on to both endpoints.

  • Can see alarms on LSPs if users have access to both endpoints.

Can open affected object and impacted object.

  • Can open NE sessions for the affected NE.

  • Can open affected object and impacted object.

Service

No access to alarms on service and associated service object.

  • Can see alarms on service.

  • Can see alarms on associated service objects only if the user has access to the corresponding equipment, including NEs and ports (SAPs, sites, tunnel bindings).

Can open affected object and impacted object.

  • Can open affected object and impacted object.

Notes:

  1. Resource group alarm access for LAG groups is not currently supported.

The following workflow describes the high-level steps required to create a role intended for alarm management, and to assign it to a user group. This workflow applies to all NSP users who need to view object alarms, regardless of which NSP UI they use for alarm viewing.

Steps
Create resource groups
 

Create an NE | port | LAG group directory; see How do I create a group directory?

Create an NE | port | LAG resource group in the group directory, and define a filter that includes the network elements the user needs to view; see How do I configure a resource group?

Create a service group directory; see How do I create a group directory?

Create a Service resource group in the service group directory, and define a filter that includes the services the user needs to view. You can create multiple service resource groups within a group directory; see How do I configure a resource group?

You can create the service resource group based on a Site ID (NE system address) to include all services for the associated NE.

Assign resource groups to roles
 

Add the resource groups to a role; see How do I configure a role?.

Assign the role to the appropriate user group; see How do I configure a user group?.

End of steps