Managing operator groups – H3C Technologies H3C Intelligent Management Center User Manual

operators to a device group, thus granting them access and rights to manage the devices in that group.
Operators have access only to those devices that are included in the device groups that they have been
granted rights to. In other words, operators do not have access and cannot even view devices that are not
included in the groups that they have been granted access to. Device Groups serve to grant access to
devices only; they are not visible as device groups in IMC features and functions.
Once you have created operator groups, custom views, and device groups and populated device views
and groups with devices, you are then ready to assign or restrict access and management rights to
network resources through the configuration of operator accounts. In operator accounts, you assign to
each operator membership in an operator group and access and management rights to device views
and groups. Adding an operator to the Administrator Group grants that operator rights to all devices, all
device groups and all views, without exception. Thus, to use views and device groups to manage rights
and restrictions to IMC, you must add operators to either the maintainer or the viewer group.
The sum of the operator privileges and restrictions configured on the add or modify operator account
pages ultimately determines which devices become visible to each operator in IMC through custom views
or IMC system-defined views.
The rights and restrictions in operator accounts also determine which performance reports, alarms, and
other IMC management and reporting views and features operators see, because operators view only the
information and features for devices over which they have rights.
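The visibility rules described above, modelled as an added Python example. It is not IMC code or an IMC API; the group labels and the operator, device group, inventory and alarm records are constructed sample data, and only device groups (not views) are modelled.

```python
# Added illustration of the access rules in the text; not IMC code or an IMC API.
# Every name and record below is constructed sample data.
ADMIN = "Administrator"  # assumed label for the Administrator Group

INVENTORY = {"core-sw1", "core-sw2", "edge-rtr1", "branch-ap1", "lab-fw1"}
DEVICE_GROUPS = {
    "core": {"core-sw1", "core-sw2"},
    "branch": {"edge-rtr1", "branch-ap1"},
}
OPERATORS = [
    {"name": "alice", "operator_group": ADMIN, "device_groups": ["core"]},
    {"name": "bob", "operator_group": "Maintainer", "device_groups": ["core"]},
    {"name": "carol", "operator_group": "Viewer", "device_groups": ["branch", "core"]},
    {"name": "dave", "operator_group": "Viewer", "device_groups": []},
]
ALARMS = [("core-sw1", "link down"), ("lab-fw1", "high CPU"), ("branch-ap1", "reboot")]


def visible_devices(op):
    """Administrators see every device; everyone else sees only the union
    of the device groups granted in their operator account."""
    if op["operator_group"] == ADMIN:
        return set(INVENTORY)
    seen = set()
    for group in op["device_groups"]:
        seen |= DEVICE_GROUPS.get(group, set())
    return seen


def visible_alarms(op):
    """Alarms follow device visibility: only alarms for visible devices."""
    seen = visible_devices(op)
    return [alarm for alarm in ALARMS if alarm[0] in seen]


def audit(operators):
    """Flag accounts whose effective access differs from the grants on paper."""
    findings = []
    for op in operators:
        if op["operator_group"] == ADMIN and op["device_groups"]:
            findings.append((op["name"], "device-group grants have no effect: administrator sees all devices"))
        elif op["operator_group"] != ADMIN and not visible_devices(op):
            findings.append((op["name"], "no visible devices"))
    return findings


if __name__ == "__main__":
    for op in OPERATORS:
        print(op["name"], sorted(visible_devices(op)), visible_alarms(op))
    print(audit(OPERATORS))
```

In the sample data, lab-fw1 belongs to no device group, so only the administrator account sees it or its alarm.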
In addition to access and rights management features discussed above, IMC offers other features to
secure access to IMC and the resources managed by it. You have three options for operator
authentication to IMC: local IMC password management, RADIUS or LDAP authentication. You can
configure authentication services through RADIUS or LDAP using the Authentication Server feature found
under Operator Management.
You can control login access to IMC through IP address access control lists in the Login Control Template
function under Operator Management.
You can also set password strategies that apply to all operators in the Password Strategy function under
Operator Management.
Finally, in IMC you apply these configurations individually when creating operator accounts.
Managing operator groups
In IMC, you can create custom-defined operator groups that assign or restrict IMC service and
component level privileges to members of the operator groups. Once created, custom groups
appear as configuration options when adding operators to IMC.
You can create custom operator groups and grant or restrict operator access to the following IMC
functions: Resource Management, Alarm Management, Intelligent Configuration Center, Report
Management, Performance Management, Network Asset Management, Security Control Center, Guest
Access Management, ACL Management, VLAN Management, and Syslog Management. Once groups
are created, you can add operators to an operator group to grant or restrict their access to these IMC
features.
In IMC, administrators are granted access to all data by default, and the maintainers and viewers
can view only the data that they have access to. Through the data access right configuration, you can
view all data that the administrators have access to, and you can view the data access rights of
maintainers and viewers.