What are NSP operator roles and responsibilities?
NSP operators
Operator responsibilities determine whether you assign Read or Write privileges to the resource groups of an associated role. For example, the administrator role has Write privileges to all resources. A user with an assigned network operator role, however, may have Read access to the NEs in multiple resource groups for troubleshooting purposes, but be granted Write access only to the resource group for the NEs that they maintain.
Note: When only functional access is configured in a role that has no assigned resource groups, the role has full access to all resource groups.
The following table lists and describes typical network operator roles and responsibilities as examples for NSP role creation.
|
Role |
Responsibilities |
|---|---|
|
Administrator |
User Access Control, network monitoring, system administration |
|
Network operator |
Network fault detection and troubleshooting, equipment health and service infrastructure monitoring |
|
Service operator |
Multi-layer service provisioning |
|
Network engineer, traffic path |
Routing management, optimization, and planning |
|
Network engineer, cross-domain |
Network connectivity, optimization, and planning |
|
Network engineer, provisioning |
Device configuration, NE software and script management |
NSP action permissions
Action Permissions are settings that control what users can see and do within different NSP modules. Permissions are configured per module and will include some or all of: None, Read, Read & Write, Read & Execute, Read Write & Execute. For some modules, additional action permission scopes are available when Read is selected.
The following table lists the NSP action permissions.
|
Action permission |
Description |
Reference |
|---|---|---|
|
NSP Notification Service |
Access to Northbound Interface (NBI) notifications. |
|
|
Analytics Reports |
Access to reports created from raw or aggregated data collected using the NFM-P or NSP telemetry. |
|
|
Data Collection and Analysis Management |
Access to telemetry subscriptions, aggregation and age-out policies, baselines, and indicators. Also provides access to OAM tests, templates, test suites, test results, and configuration objects when combined with the OAM Tests permission. |
|
|
Device Management |
Access to managed NEs, ZTP process, configuration deployments, configuration templates, configuration intent types, operations, operation schedules, operation types, and NE images. |
See the user access control information in “How does NSP support devices?” in the NSP Device Management Guide. |
|
File Server |
Access to a utility for importing and managing files required by various NSP functions. |
|
|
Network Intents |
Access to intent artifacts, mediators, and policies. This will affect CRUD, lifecycle management, and import capabilities. |
See the access control information in “What is an intent type?” in the NSP Network Automation Guide. User access can also be configured on a per intent type basis; see “How do I configure user access to an intent type?” |
|
Network Inventory |
Access to the NE Inventory view: a tree of configured equipment (shelf, card slot, card, port) and logical objects (link aggregation groups, routing instances, ACL sets, BFD) on a selected NE. |
— |
|
Model Driven Configurator |
Access to configure parameters and view state information on NEs managed by MDM for which MDC adaptors have been installed. |
— |
|
Device Discovery |
Access to NE discovery rules, mediation policies, and reachability policies. |
See the access control information in “How does device discovery work?” in the NSP Device Management Guide. |
|
Network Security |
Access to the Anti-theft policies view The Manage anti-theft policies additional scope enables the user to create, edit, and delete anti-theft policies. |
|
|
OAM Tests |
Access to OAM tests, test templates, test suites, test results, and configuration objects. Access is available in Data Collection and Analysis Management when combined with the Data Collection and Analysis Management role. |
|
|
Service Management |
Access to tunnel templates, service templates, tunnels, services, customers, and steering parameters. |
“How does service management implement user access control?” in the NSP Service Management Guide. |
|
System Health |
Access to Role Manager and ASM APIs. System Health GUI is administrator access only. |
|
|
Workflows |
Access to workflow artifacts, actions, environment variables, executions, and triggers. This will affect CRUD, execution management, trigger management, and debugging capabilities. |
See the access control information in “What are Workflows?” in the NSP Network Automation Guide. User access can also be configured on a per workflow basis; see “How do I configure user access to a workflow?” |
|
Device Configuration |
Access to configuration deployments, configuration templates and configuration intent types. Device Configuration also requires access to the Device Management module. |
See the access control information in “What is device configuration in NSP?” in the NSP Device Management Guide. |
Notes:
NSP GUIs and functions that were previously accessible to all users will have an auto-created role enabling user access when upgrading to an NSP release where GUIs/functions become RBAC controlled.