14.3.2 Example tenant structure
The figure below shows an example NNMi topology consisting of two tenants. The three frames for users L, M, and N indicate the primary groupings for which users need to view the nodes. The topology for Tenant 1 is managed as a single group, so it needs only one security group. The topology for Tenant 2 is managed in overlapping sets, so it is separated into three security groups.
Table 14-3 lists the mappings between the security groups and the possible custom user groups for this topology. (An actual implementation of this security model might not require all of these custom user groups.)
Table 14-4 lists the mappings for several user accounts and the user groups for this topology.
Security group |
Security group's nodes |
User groups |
Object access privileges |
---|---|---|---|
T1 SG |
A, B, C, D, E |
T1 Administrator |
Object Administrator |
T1 Level 2 |
Object Operator Level 2 |
||
T1 Level 1 |
Object Operator Level 1 |
||
T1 Guest |
Object Guest |
||
T2 SGa |
F, G |
T2_a Administrator |
Object Administrator |
T2_a Level 2 |
Object Operator Level 2 |
||
T2_a Level 1 |
Object Operator Level 1 |
||
T2_a Guest |
Object Guest |
||
T2 SGb |
H |
T2_b Administrator |
Object Administrator |
T2_b Level 2 |
Object Operator Level 2 |
||
T2_b Level 1 |
Object Operator Level 1 |
||
T2_b Guest |
Object Guest |
||
T2 SGc |
I, J |
T2_c Administrator |
Object Administrator |
T2_c Level 2 |
Object Operator Level 2 |
||
T2_c Level 1 |
Object Operator Level 1 |
||
T2_c Guest |
Object Guest |
User account |
User groups |
Node access |
Notes |
---|---|---|---|
User L |
NNMi Level 2 Operators |
None |
This user has operator level 2 access to the nodes in the user L frame, which groups all nodes in Tenant 1. |
T1 Level 2 |
A, B, C, D, E |
||
User M |
NNMi Level 1 Operators |
None |
This user has operator level 1 access to the nodes in the user M frame, which groups a subset of the nodes in Tenant 2. |
T2_a Level 1 |
F, G |
||
T2_b Level 1 |
H |
||
User N |
NNMi Level 2 Operators |
None |
This user has operator level 2 access to the nodes in the user N frame, which groups a subset of the nodes in Tenant 2. |
T2_b Level 2 |
H |
||
T2_c Level 2 |
I, J |