What is NFM-P user security?

User security mechanisms

This section describes the NFM-P user security mechanisms for providing and restricting access to various objects and functions. NFM-P user security includes the following:

  • user group and account management, which involves the following elements:

    • Scope of command roles — contains the roles that define the level of user control in NFM-P functional areas such as the read, create, update, and delete access permissions

    • Scope of command profiles — contains the appropriate scope of command role for the types of tasks to be performed

    • Span of control — list of objects to which a user has access

    • Span of control profiles — contains the required spans that allow group access to specific NFM-P objects

    • Span rules — directs the NFM-P to add new services to other spans in addition to the Default Service span

  • global security parameters such as password expiry periods, the allowed number of login attempts, and any automated security e-mail notifications.

  • managing user-group workspaces, which are customized configurations of NFM-P GUI elements; see “NFM-P custom workspaces” in the NSP NFM-P User Guide for comprehensive workspace information

  • monitoring and managing active client sessions

  • remote user access via LDAP/S, RADIUS, and TACACS+ authentication

  • deleting NFM-P security elements that are no longer required, such as inactive user accounts or user groups.

  • configuring task monitoring parameters and monitoring the progress of operational tasks:

    • GUI client write operations initiated by clicking Apply or OK

    • all write operations performed via the XML API

    • some read operations; for example, when you click Resync or Collect All

Note: See Appendix A, Classic management scope of command roles and permissions for a list of the permissions, access levels, and descriptions of all predefined scope of command roles and profiles.