5 managing authorization conditions, Managing device areas, Viewing the device area list – H3C Technologies H3C Intelligent Management Center User Manual
Page 42: 5 managing authorization, Conditions, 5 managing, Authorization conditions, Managing device, Areas, N, see
33
5 Managing authorization conditions
An authorization policy defines one or more authorization conditions, and assigns each condition one
shell profile and one command set. Administrators can assign authorization policies to individual device
users or to device user groups. When a device user logs in to manage a device, TAM matches the user
with a condition and applies the shell profile and command set of the condition to the user for device
management.
An authorization condition is identified by the combination of the following three elements:
•
Device area—Area to which the device belongs. Operators can divide device areas by location or
network layer of the device.
•
Device Type—Type of the device. Command lines provided by devices of different types might be
different.
•
Time range—Time range during which a user logs in to manage the device.
TAM can authorize device users with different device login and management privileges according to the
device area, device type, and authorized time range.
Managing device areas
Operators can classify device areas by various criteria, for example, location or network layer. TAM
supports hierarchical management of device areas. You can divide a level-1 (top level) device area into
one or more level-2 device areas.
TAM supports a device area hierarchy of at most five levels. Two device areas in adjacent levels are
referred to as parent area and child area, respectively. For example, a level-1 device area is the parent
area of all its level-2 areas, and the level-2 device areas are the child areas of the level-1 device area.
A device area can contain only devices or sub-areas. If a device area already contains a device, you
cannot add sub-areas for it. If a device area has a sub-area, you cannot add devices to the device area.
TAM can authorize device users with different device login and management privileges according to the
device area.
Viewing the device area list
To view the device area list:
1.
Click the User tab.
2.
On the navigation tree, select Device User Policy > Authorization Conditions > Device Areas.
The Device Area list displays all device areas. The list includes the following columns:
{
Area Name—Device area name, which must be unique in TAM.
Click the name to view its details.
{
Description—Description of the device area for easy maintenance.
{
Device List—Click the Device List icon
for a device area to view its device list.