14.4.4 Verifying the configuration
To verify that the security configuration is correct, verify each aspect of the configuration separately. This subsection describes some approaches to verifying the configuration. Other approaches are possible.
- Note
NNMi provides reports of possible security configuration errors. Access these reports by choosing Security Reports from the Tools menu in the NNMi console. Alternatively, you can access the reports by using the nnmsecurity.ovpl command with the -displayConfigReport option specified.
- Verifying security group-to-node assignments
Verify that each node is assigned to the correct security group by using one of the following methods:
Sort the Nodes or Nodes (All Attributes) inventory view by security group, and then examine the groupings.
Use the nnmsecurity.ovpl command with the -listNodesInSecurityGroup option specified.
- Verifying user group-to-security group assignments
Verify which user groups are mapped to each security group by using one of the following methods:
Sort the Security Group Mapping view by user group or security group, and then examine the groupings. Also verify the object access privilege for each mapping.
On the Map User Groups and Security Groups tab of the Security Wizard, select one user group or security group at a time to see the current mappings for that object.
Use the nnmsecurity.ovpl command with the -listUserGroupsForSecurityGroup option specified.
- Verifying that each user has NNMi console access
For NNMi console access, ensure that each user is assigned to one of the predefined NNMi user groups:
NNMi Administrators
NNMi Level 1 Operators
NNMi Level 2 Operators
NNMi Guest Users
All other user group assignments provide access to objects in the NNMi database.
Users without NNMi console access are listed on the View Summary of Changes tab of the Security Wizard. The Security Reports menu item under the Tools menu and the -displayConfigReport usersWithoutRoles option to the nnmsecurity.ovpl command also provide this information.
- Verifying user-to-user group assignments
Verify user group membership by using one of the following methods:
Sort the User Account Mapping view by user account or user group, and then examine the groupings.
On the Map User Accounts and User Groups tab of the Security Wizard, select one user account or user group at a time to see the current mappings for that object.
Use the nnmsecurity.ovpl command with the -listUserGroups and -listUserGroupMembers options specified.
- Verifying tenant-to-node assignments
One approach to verifying that each node is assigned to the correct tenant is to sort the Nodes or Nodes (All Attributes) inventory view by tenant, and then examine the groupings.
- Verifying current user settings
To verify the NNMi console access for the currently logged-on user, click Help, and then click System Information. The User Information section on the Product tab lists the following information for the current NNMi session:
User name as defined for the user account in the NNMi database or the accessed directory service.
NNMi role, which corresponds to the most privileged of the predefined NNMi user groups to which the user is mapped (NNMi Administrators, NNMi Level 2 Operators, NNMi Level 1 Operators, or NNMi Guest Users). This mapping determines which actions are available within the NNMi console.
User groups mapped to this user name. This list includes the predefined NNMi user group that sets the NNMi role and any other user groups that provide access to objects in the NNMi database.