This section describes the NFM-P user security mechanisms for providing and restricting access to various objects and functions. NFM-P user security includes the following:

• user group and account management, which involves the following elements:

  • Scope of command roles — contains the roles that define the level of user control in NFM-P functional areas such as the read, create, update, and delete access permissions

  • Scope of command profiles — contains the appropriate scope of command role for the types of tasks to be performed

  • Span of control — list of objects to which a user has access

  • Span of control profiles — contains the required spans that allow group access to specific NFM-P objects

  • Span rules — directs the NFM-P to add new services to other spans in addition to the Default Service span

• global security parameters such as password expiry periods, the allowed number of login attempts, and any automated security e-mail notifications.

• managing user-group workspaces, which are customized configurations of NFM-P GUI elements; see “NFM-P custom workspaces” in the NSP NFM-P User Guide for comprehensive workspace information

• monitoring and managing active client sessions

• remote user access via LDAP/S, RADIUS, and TACACS+ authentication

• deleting NFM-P security elements that are no longer required, such as inactive user accounts or user groups.

• configuring task monitoring parameters and monitoring the progress of operational tasks:

  • GUI client write operations initiated by clicking Apply or OK

  • all write operations performed via the XML API

  • some read operations; for example, when you click Resync or Collect All

Note: See Appendix A, Classic management scope of command roles and permissions for a list of the permissions, access levels, and descriptions of all predefined scope of command roles and profiles.