Hitachi

Job Management Partner 1 Version 10 Job Management Partner 1/Consolidated Management 2/Network Node Manager i Setup Guide


12.1 Effects of limiting object access

Configuring NNMi security has the following impacts:

Topology inventory objects:
  • Each NNMi console user sees only those nodes that match the configuration for that user's NNMi user account.

  • Sub-node objects, such as interfaces, inherit the access control from the node.

  • Inter-node objects, such as connections, are visible only if the NNMi console user can see at least one of the nodes involved.

  • An NNMi console user sees only those node groups for which that user can access at least one node in the group.

Maps and path views:
  • Maps show connections for which the NNMi console user has permission to view both of the participating nodes.

  • Path views that include any nodes in non-default Overlapping Address Domain (OAD) tenants are not supported.

Incidents:
  • For incidents whose source node is in the NNMi topology, an NNMi console user sees only the incidents for which the user has access to the source node.

  • Incidents that do not have a source node, such as NNMi health and licensing management event incidents, are handled as a group. The NNMi administrator determines which NNMi console users see them (by associating the users with the Unresolved Incidents security group).

  • Incidents that result from traps for which the source node is not in the NNMi topology are handled in the same way as incidents with no source node. If NNMi is configured to generate these incidents, the NNMi administrator determines which NNMi console users see them (by associating the users with the Unresolved Incidents security group).

The incident assignment action does not check user access. It is possible for an NNMi administrator to assign an incident to an NNMi console user who does not have permission to view that incident.
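The incident visibility rules above, together with the unchecked assignment action, can be audited offline. The following is an added example, not NNMi code or an NNMi API: a Python model with constructed sample data that lists incidents assigned to users who cannot view them. All names (`User`, `Incident`, `can_view`, `unviewable_assignments`) are hypothetical, and it assumes user, incident and topology data have already been exported from NNMi by some means not covered here.

```python
from dataclasses import dataclass
from typing import Optional

UNRESOLVED = "Unresolved Incidents"  # security group named on this page

@dataclass(frozen=True)
class User:
    name: str
    nodes: frozenset                 # nodes this account may access
    groups: frozenset = frozenset()  # security groups associated with the account

@dataclass(frozen=True)
class Incident:
    id: str
    source_node: Optional[str]       # None: no source node (health, licensing)
    assigned_to: Optional[str] = None

def can_view(user, incident, topology):
    """Apply the incident visibility rules described in this section."""
    src = incident.source_node
    if src is not None and src in topology:
        return src in user.nodes     # source node known: node access decides
    # No source node, or trap source not in the topology: handled as a group.
    return UNRESOLVED in user.groups

def unviewable_assignments(incidents, users, topology):
    """Return (incident id, assignee) pairs the assignee cannot view."""
    by_name = {u.name: u for u in users}
    findings = []
    for inc in incidents:
        assignee = by_name.get(inc.assigned_to)
        if assignee is not None and not can_view(assignee, inc, topology):
            findings.append((inc.id, assignee.name))
    return findings

# Constructed sample data (not taken from any real NNMi installation).
TOPOLOGY = {"core-sw1", "edge-rt1", "edge-rt2"}
USERS = [
    User("alice", frozenset({"core-sw1", "edge-rt1"}), frozenset({UNRESOLVED})),
    User("bob", frozenset({"edge-rt2"})),
]
INCIDENTS = [
    Incident("INC-1", "core-sw1", "alice"),
    Incident("INC-2", "core-sw1", "bob"),        # bob has no access to core-sw1
    Incident("INC-3", None, "bob"),              # bob is not in the group
    Incident("INC-4", "unknown-host", "alice"),  # trap source not in topology
    Incident("INC-5", "edge-rt2", "bob"),
]

if __name__ == "__main__":
    for inc_id, name in unviewable_assignments(INCIDENTS, USERS, TOPOLOGY):
        print(f"{inc_id}: assigned to {name}, who cannot view it")
```
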

NNMi console actions:
  • For actions that run without any selections, an NNMi console user sees only those actions the user has permission to run.

  • For actions that run against one or more selected objects, an NNMi console user must have the correct access level to the selected objects. Depending on the security configuration, the NNMi console might present actions that are not valid on some of the objects visible in the NNMi console views. Invoking one of these actions results in an error message regarding this limitation.

  • For map views, NNMi cannot distinguish between unknown nodes and nodes that exist in the NNMi topology but are not accessible by the current user.

MIB browser and Line Grapher:
  • An NNMi console user can view MIB data and graphs for nodes to which the user has access.

  • An NNMi console user can view MIB data for nodes for which the user knows the SNMP community string.

NNMi console URLs:

  • Users must sign in to NNMi before accessing an NNMi console view from a direct URL. NNMi enforces that user's access according to the NNMi security configuration and limits the available topology accordingly.