How do I configure alarm access using roles?
Purpose
Users can manage alarms for objects that are included in the resource groups assigned to their roles. The tasks that users can perform depend on the access level provided to the resource groups. Consider the following:
-
Network objects that have multiple endpoints or components, such as SAPs, require access to all endpoints for alarm management. For example, users can only see alarms on physical links when they have access to both endpoints.
-
Viewing alarms on service-related objects requires access to the parent service and associated equipment.
-
In some cases, access level can be inherited from the parent object. For example, when no access level is granted for a port, any level of access granted to the parent NE will grant the same access level to the port.
-
In the Unhealthy NEs view, users must have access above “none” to view any NEs that might appear in the page.
The following table describes in more detail how the access levels of resource groups determine the type of alarm management tasks that users can perform.
Resource groups 1 |
Access level “none” |
Access level “read” |
Access level “write” |
Access level “execute” |
---|---|---|---|---|
Equipment→Port |
Port access is equal to the parent NE access. |
Can open affected object and impacted object. |
Can open affected object and impacted object. | |
NE |
No access to alarms on the NE and equipment. |
Can open affected object and impacted object. |
||
Service |
No access to alarms on service and associated service object. |
Can open affected object and impacted object. |
Notes:
The following workflow describes the high-level steps required to create a role intended for alarm management, and to assign it to a user group. This workflow applies to all NSP users who need to view object alarms, regardless of which NSP UI they use for alarm viewing.
Steps
Create resource groups | |
1 |
Create an NE | port | LAG group directory; see How do I create a group directory? |
2 |
Create an NE | port | LAG resource group in the group directory, and define a filter that includes the network elements the user needs to view; see How do I configure a resource group? |
3 |
Create a service group directory; see How do I create a group directory? |
4 |
Create a Service resource group in the service group directory, and define a filter that includes the services the user needs to view. You can create multiple service resource groups within a group directory; see How do I configure a resource group? You can create the service resource group based on a Site ID (NE system address) to include all services for the associated NE. |
Assign resource groups to roles | |
5 |
Add the resource groups to a role; see How do I configure a role?. |
6 |
Assign the role to the appropriate user group; see How do I configure a user group?. End of steps |