How does path control implement user access control?
User access control for path control
NSP's path control function grants or restricts access to specific capabilities based on a user's permissions, as defined in NSP's Users and Security views. Customers upgrading to NSP Release 23.11 or later from any earlier NSP release must manually edit their existing roles in order to align with the new permissions defined below. Previous permissions are no longer enforced by the path control UI and APIs. See the NSP System Administrator Guide for more information.
In NSP Release 23.11, the following new permissions are introduced to further refine a user's access to path control functions:
-
Read - View all available information. Cannot make any changes, except those allowed through Map Palette actions as those changes are applied only for the user that performed the action. The Read permission is a prerequisite for granting additional permissions.
-
Engineering - Available for selection when Read is enabled. Allows the user to perform the following:
— Configure global system configuration settings such as TWAMP test modes, Enable/disable historical data collection, SR policy configuration, TCA configuration policy, traffic data collection parameters, maintenance mode policy
— Create, edit, and delete Path Profile policies
— Create, edit, and delete Router ID Mapping policies
— Update configuration parameters of links, such as srlg-value, latency, te-metric, igp-metric, administrative-group, admin-status, measuredIpBw, and measuredMplsBw
— Clean up topology references
— Trigger a data synchronization with the connected NMS
— Force NSP Plugin to form a specific connection
— Create, edit, and delete network map (Rebuild, Auto layout, Toggle hidden devices, Restore common map layout, Save map changes, and Export network)
— Map Palette actions
-
Operations - Available for selection when Read is enabled. Allows the user to perform the following:
— Create, edit, delete, shutdown, and no shutdown on PCE-initiated LSP paths
— Create, edit, delete, admin up, and admin down on SR Policies and Candidate Paths
— Configure Path Profile Override for both PCE and PCC initiated LSP paths
— Reset Failed Override Profile and Reset Controlled Reroute Path on LSPs
— Activate and deactivate maintenance mode on nodes and links
— Run workflows associated with nodes, links, and LSPs
— Create, edit, and delete network map (Rebuild, Auto layout, Toggle hidden devices, Restore common map layout, Save map changes, and Export network)
— Map Palette actions
-
Troubleshooting - Available for selection when Read is enabled. Allows the user to perform the following:
— Resignal, optimize, shutdown, no shutdown, on LSP paths
— Resignal, admin up, and admin down on SR Policies and Candidate Paths
— Create, edit, and delete network map (Rebuild, Auto layout, Toggle hidden devices, Restore common map layout, Save map changes, and Export network)
— Map Palette actions
— Path Finder
— Run Path Diagnostics
The above permissions can be combined to create the following roles from NSP's Users and Security views:
Note: These roles must be created by the customer and are not provided as pre-configured roles.
|
Role |
Permissions |
|---|---|
|
Engineer |
Engineering Operations Troubleshooting |
|
LSP Operator |
Operations Troubleshooting |
|
Troubleshooter |
Troubleshooting |
|
Read-Only |
Read |
© 2024 Nokia. Nokia Confidential Information
Use subject to agreed restrictions on disclosure and use.