4 changing access level configuration, Changing access level configuration – CANOGA PERKINS 9145E10G NID Software Version 1.0 User Manual
Page 15
Introduction
9145E10G NID Software User’s Manual
Changing Access Level Configuration
3/(4 Blank)
2. The operator access level is allowed access to the 9145E10G features except those
relating to the 9145E10G’s security system. This level can be configurable by the admin-
istrator.
3. The observer access level is allowed access to the 9145E10G features that do not modify
the 9145E10G’s configuration. This level can be configurable by the administrator.
1.4 Changing Access Level Configuration
The assignment of access levels has a default configuration built into the 9145E10G. Creating
and downloading a text file called 9145E.cap to the 9145E10G can change this assignment,
however. This file contains mappings between module features and the access level required to
access the feature.
As an example the entry that controls access to the Maximum Frame Size setting looks like:
maxFrameSize=operator. This entry indicates that to change the Maximum Frame Size, a user’s
account must have “operator” access level or greater.
The default 9145E.cap file containing the 9145E10G built-in security rules is provided with the
9145E10G release. To modify the security rules, simply modify the provided 9145E.cap file and
download this modified file to the 9145E10G.
As long as the unit has not received a cap file, there is no security while managing the unit from
SNMP. Security will be enforced only from the User Interface (UI) based on the Access level;
Supervisor, Observer or Operator. In order to Enable security from SNMP, the User will need to
download the 9145E.cap file to the unit.
The default settings are defined in the original cap file provided by Canoga Perkins.
The 9145E.cap file is downloaded to the 9145E10G via the normal FTP/SFTP/TFTP in the same
manner as downloading a firmware file to the 9145E10G. The same file may be downloaded to
multiple 9145E10G's to ensure the same security rules are implemented.
If the file 9145E.cap is not downloaded to the 9145E10G, then the built-in feature to access level
mappings in the 9145E10G are used. If a feature is not present in the file “9145E.cap” that is
downloaded to the 9145E10G, then the built-in feature to access level mapping is used. If errors
are found in this file, these errors are displayed in the 9145E10G’s System log.