1 three levels of security, 2 add or edit an account, Three levels of security – CANOGA PERKINS 9145E NID Software Version 4.10 User Manual

9145E NID Software User’s Manual

System Configuration

Account Configuration

30

3.5.1 Three Levels of Security

A three-level security system on the 9145E controls all user interface and SNMPv3 access.

Most Service Provider management networks provision certain access levels to technicians,
network administrators, and managers. Offering different access levels to critical applications
allows network administrators to keep closer watch on the entire network.

All 9145E features require a certain access level for access. The logged in user or SNMPv3
manager’s access level is used to validate and control access to the 9145E features. When
accessing a menu item or an SNMP object the user’s access level is checked against the access
level required for the feature. If the user’s access level is sufficient, then the access is granted. If
the user’s access level is not sufficient, an error message is displayed in the status area or an
SNMP error is returned.

The three access levels are supervisor, operator, and observer.

In the default configuration, the supervisor access level is allowed complete access to all of the
9145E’s features including configuring the 9145E’s security system. The operator access level is
allowed access to the 9145E features except those relating to the 9145E’s security system. This
level can be configurable by the administrator.

The observer access level is allowed access to the 9145E features that do not modify the
9145E’s configuration. This level can be configurable by the administrator. Feature Access Level
Configuration The assignment of access levels has a default configuration built into the 9145E.
Creating and downloading a text file called 9145e.cap to the 9145E can change this assignment,
however. This file contains mappings between module features and the access level required to
access the feature. As an example the entry that controls access to the Maximum Frame Size
setting looks like:

maxFrameSize=operator

This entry indicates that to change the Maximum Frame Size, a user’s account must have
operator access level or greater.

This 9145e.cap file is downloaded to the 9145E via the normal FTP/SFTP/TFTP in the same
manner as downloading a firmware file to the 9145E. The same file may be downloaded to
multiple 9145E's to ensure that each is following the same security rules.

3.5.2 Add or Edit an Account

To add an account, from the Account Configuration screen (Figure 3-18), type A and press Enter.
The Edit User Account screen (Figure 3-19) opens with all fields empty. When you have entered
the account information, press Esc to return to the Account Configuration screen.

To edit an account, type E and press Enter. The first User Account will be highlighted. Press the
Space bar to select an account. The Edit User Account screen (Figure 3-19) opens.