Optional: create a restricted Service Management user

Purpose

Perform this optional procedure to create a user with access only to specified NSP functions.

Procedures in this chapter can be performed by the restricted user, or by an administrator.

This procedure is based on the procedures for the following in the NSP System Administrator Guide and NSP Network Automation Guide:

  • Configuring a role

  • Configuring a user group

  • Creating an NSP local user

  • Enabling User Access Control

  • Configuring user access to an intent type

For example, the reference procedures in NSP Release 24.4 are:

If a restricted user has already been created, verify that the user has the required permissions, as shown in Step 6.

Steps
Create a role
 

Log in to the NSP as an administrator.

Open Users and Security.

Select Roles from the drop-down list on the toolbar.

Click png1.png Create Role. The Create Role form opens.

In the Identification panel, specify a role name and description.

The Role Name and Description fields can employ only the following special characters: @ - _.

The Role Name string must not contain any spaces, including a leading or trailing space.

To assign NSP functional access to the role, go to the Action Permissions panel and select an access level from the drop-down list for each NSP GUI you want to include in the role. 

Action permissions group item

Permissions

Notes

Service Fulfillment

Read / Write / Execute

Network Intents

Read: Manage Intents

Required to import intent types into Service Management

Workflows

Read

Required to create service and tunnel templates

DCA Management

Read / Write / Execute

Optional: Only required for creating and plotting telemetry subscriptions

OAM Tests

Read / Write / Execute

Optional: Only required for generating and executing OAM tests

To assign network resource access to the role, go to the Resource Groups Access panel. (For a detailed explanation of the Resource Groups Access panel, see How do I set network resource access levels? in the NSP System Administrator Guide.)

You can assign resource group access globally, to resource group categories, to individual resource groups, or a combination of these. For service management it is recommended to grant access to all equipment and all services: 

  • Access To All Equipment assigns full permissions on all NE resource groups and port resource groups to the role.

  • Access To All Services assigns full permissions on all service resource groups to the role.

Click CREATE to save your changes and return to the Roles list.

Create a user group
 

Open Users and Security.

10 

Select User Groups from the drop-down list on the toolbar.

11 

Click png1.png Create User Group. The Create User Group form opens.

12 

Specify a group name and description in the Identification panel.

The user group name you specify here must exactly match a corresponding user group name returned by your user repository.

The User Group Name and Description fields can employ only the following special characters: @ - _.

The User Group Name string must not contain spaces, including a leading or trailing space.

13 

To assign user roles to the group, click png1.png Add Roles on the Roles panel. The Add Roles form opens.

14 

Enable the check box for the role you configured in Create a role and click Done. The role is added to the Selected Roles list.

15 

Click CREATE to save your changes and return to the User Groups list.

Create a user
 
16 

Open Users and Security.

17 

Select Users from the drop-down list on the toolbar.

18 

Click png1.png Create User.

19 

In the Create User form, specify user identification information for the account in the Identification section. The Username and User Group fields are mandatory.

Note: Any uppercase characters in the username are saved as lowercase.

The Username value:

  • can be 1 to 40 characters long

  • cannot include a space

  • cannot have a leading or trailing space

  • can include only the following special characters:

    • @ (at sign)

    • - (hyphen)

    • _ (underscore)

    • . (period)

20 

In the User Group field, select the user group you created in Create a user group.

21 

In the Password section, specify and confirm a password for the user account.

  • If you want this password to be temporary, enable the Force User to Change Password option. The new user will be forced to change their password when they first login to NSP.

  • Enable the Show Password option to see the password characters as you type them.

  • Click on the Password Requirements link to view a list of minimum security requirements for the password.

22 

Click CREATE.

Enable user access control
 
23 

Open Users and Security, User Groups.

24 

Click png25.png More Actions, Settings.

25 

In the Access Control Settings form, enable the NSP User Access Control option.

26 

Click SAVE to enable access control.

End of steps