Optional: create a restricted Service Management user

Purpose

Perform this optional procedure to create a user with access only to specified NSP functions.

Procedures in this chapter can be performed by the restricted user, or by an administrator.

This procedure is based on the procedures for the following in the NSP System Administrator Guide:

Configuring a role
Configuring a user group
Creating an NSP local user
Enabling User Access Control
Configuring user access to an intent type

For example, the reference procedures in NSP Release 24.4 are:

Steps

Create a role

Open Users and Security.

Select Roles from the drop-down list on the toolbar.

Click Create Role. The Create Role form opens.

In the Identification panel, specify a role name and description.

The Role Name and Description fields can employ only the following special characters: @ - _.

The Role Name string must not contain any spaces, including a leading or trailing space.

To assign NSP functional access to the role, go to the Action Permissions panel and select an access level from the drop-down list for each NSP GUI you want to include in the role.

Action permissions group item	Permissions	Notes
Service Fulfillment	Read / Write / Execute	—
Network Intents	Read: Manage Intents	Required to import intent types into Service Management
Workflows	Read	Required to create service and tunnel templates
Optional: DCA Management	Read / Write / Execute	Only required for creating and plotting telemetry subscriptions
Optional: OAM Tests	Read / Write / Execute	Only required for generating and executing OAM tests

To assign network resource access to the role, go to the Resource Groups Access panel. (For a detailed explanation of the Resource Groups Access panel, see How do I set network resource access levels? in the NSP System Administrator Guide.)

You can assign resource group access globally, to resource group categories, to individual resource groups, or a combination of these. For service management it is recommended to grant access to all equipment and all services:

Access To All Equipment assigns full permissions on all NE resource groups and port resource groups to the role.
Access To All Services assigns full permissions on all service resource groups to the role.

Click Create to save your changes and return to the Roles list.

End of steps

Create a user group


1	Open Users and Security.
2	Select User Groups from the drop-down list on the toolbar.
3	Click Create User Group. The Create User Group form opens.
4	Specify a group name and description in the Identification panel. The user group name you specify here must exactly match a corresponding user group name returned by your user repository. The User Group Name and Description fields can employ only the following special characters: `@ - _`. The User Group Name string must not contain any spaces, including a leading or trailing space.
5	To assign user roles to the group, click Add Roles on the Roles panel. The Add Roles form opens.
6	Enable the check box for each role you want to assign to the group and click Done. The roles are added to the Selected Roles list. To remove a role item from the Selected Roles list, click Delete on the item.
7	Click Create to save your changes and return to the User Groups list. End of steps

Create a user

Note: This procedure describes how to create a local NSP user account in a system deployed using OAUTH2 authentication. It does not apply to users managed through external databases.


1	Open Users and Security.
2	Select Users from the drop-down list on the toolbar.
3	Click Create User.
4	In the Create User form, specify user identification information for the account in the Identification section. The Username and User Group fields are mandatory. Note: Any uppercase characters in the username are saved as lowercase. The Username value: can be 1 to 40 characters long cannot include a space cannot have a leading or trailing space can include only the following special characters: @ (at sign) - (hyphen) _ (underscore) . (period)
5	In the Password section, specify and confirm a password for the user account. If you want this password to be temporary, enable the Force User to Change Password option. The new user will be forced to change their password when they first login to NSP. Enable the Show Password option to see the password characters as you type them. Click on the Password Requirements link to view a list of minimum security requirements for the password.
6	Click Create. End of steps