14.2.2 Example security group structure
In this example NNMi topology, the three user frames in the figure below indicate the primary groupings of nodes that users need to view. For complete user access control, each of the four unique subgroups corresponds to a unique security group. Each unique security group can be mapped to one or more user groups to represent the available levels of user access to the objects in that security group.
Table 14-1 lists the mappings between the security groups and the possible custom user groups for this topology. An actual implementation of this security model might not require all of these custom user groups.
Table 14-2 lists the mappings for several user accounts and the user groups for this topology.
| Security group | Security group's nodes | User groups | Object access privileges |
|---|---|---|---|
| SG1 | A, B, C | UG1 Administrator | Object Administrator |
| | | UG1 Level 2 | Object Operator Level 2 |
| | | UG1 Level 1 | Object Operator Level 1 |
| | | UG1 Guest | Object Guest |
| SG2 | D, E | UG2 Administrator | Object Administrator |
| | | UG2 Level 2 | Object Operator Level 2 |
| | | UG2 Level 1 | Object Operator Level 1 |
| | | UG2 Guest | Object Guest |
| SG3 | F, G | UG3 Administrator | Object Administrator |
| | | UG3 Level 2 | Object Operator Level 2 |
| | | UG3 Level 1 | Object Operator Level 1 |
| | | UG3 Guest | Object Guest |
| SG4 | H, I, J | UG4 Administrator | Object Administrator |
| | | UG4 Level 2 | Object Operator Level 2 |
| | | UG4 Level 1 | Object Operator Level 1 |
| | | UG4 Guest | Object Guest |

| User account | User groups | Node access | Notes |
|---|---|---|---|
| User Q | NNMi Level 2 Operators | None | This user has operator level 2 access to the nodes in the user Q frame. |
| | UG1 Level 2 | A, B, C | |
| | UG2 Level 2 | D, E | |
| | UG3 Level 2 | F, G | |
| User R | NNMi Level 1 Operators | None | This user has operator level 1 access to the nodes in the user R frame. |
| | UG2 Level 1 | D, E | |
| User S | NNMi Level 2 Operators | None | This user has operator level 2 access to the nodes in the user S frame. |
| | UG3 Level 2 | F, G | |
| | UG4 Level 2 | H, I, J | |
| User T | NNMi Level 2 Operators | None | User T has access (with varying privilege levels) to all nodes in the example topology. This user has administrative access to nodes D and E but cannot see the menu items for tools that require administrative access. If granted access to the NNMi management server, this user can run command-line tools that require administrative access against nodes D and E only. |
| | UG1 Guest | A, B, C | |
| | UG2 Administrator | D, E | |
| | UG3 Level 2 | F, G | |
| | UG4 Level 1 | H, I, J | |
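
The mappings in Tables 14-1 and 14-2 can be checked mechanically during an access review. The following Python code is an added example, not NNMi code or an NNMi API: it resolves each account's per-node object access from the two tables and lists the nodes where that access outranks the account's NNMi console role, which is the User T case. The privilege ordering, the highest-wins rule for overlapping groups, and all function and variable names are assumptions made for the example.

```python
# Added example built from Tables 14-1 and 14-2; not an NNMi API.
# Assumed ordering of privilege levels, lowest to highest.
RANK = {"Guest": 0, "Level 1": 1, "Level 2": 2, "Administrator": 3}

# Table 14-1: security group -> nodes
SG_NODES = {
    "SG1": ["A", "B", "C"],
    "SG2": ["D", "E"],
    "SG3": ["F", "G"],
    "SG4": ["H", "I", "J"],
}

# Table 14-2: account -> (NNMi console role, custom user groups)
ACCOUNTS = {
    "Q": ("Level 2", ["UG1 Level 2", "UG2 Level 2", "UG3 Level 2"]),
    "R": ("Level 1", ["UG2 Level 1"]),
    "S": ("Level 2", ["UG3 Level 2", "UG4 Level 2"]),
    "T": ("Level 2", ["UG1 Guest", "UG2 Administrator",
                      "UG3 Level 2", "UG4 Level 1"]),
}

def parse_group(name):
    """'UG2 Administrator' -> ('SG2', 'Administrator'), per Table 14-1 naming."""
    ug, level = name.split(" ", 1)
    return "SG" + ug[2:], level

def effective_access(account):
    """Return {node: object privilege}; assumes the highest privilege wins on overlap."""
    _, groups = ACCOUNTS[account]
    access = {}
    for group in groups:
        sg, level = parse_group(group)
        for node in SG_NODES[sg]:
            if node not in access or RANK[level] > RANK[access[node]]:
                access[node] = level
    return access

def exceeds_console_role(account):
    """Nodes where object privilege outranks the account's NNMi console role."""
    role, _ = ACCOUNTS[account]
    return sorted(node for node, level in effective_access(account).items()
                  if RANK[level] > RANK[role])

if __name__ == "__main__":
    for acct in ACCOUNTS:
        print(acct, effective_access(acct), "review:", exceeds_console_role(acct))
```

Accounts flagged by `exceeds_console_role` are the ones where command-line access on the management server grants more than the console shows, so they are the first to review before granting server logins.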