6.8.4 Authorization for Security Operations

 

The security management module of NMS provides an authorized mode for performing security operations, in which each operation is checked against the permissions of the group or user performing it. This mode is enabled through a startup option of the security module.

 

To enable authorization support

    1. Before you start the NMS server, edit the file NmsProcessesBE.conf in the <WebNMS Home>/conf directory.

    2. Go to the entry for the com.adventnet.nms.security.authorization.NmsAuthManager process.

    3. By default, the argument authorization_for_security_administration is set to false. Set this value to true.

    4. Save the file and then start the NMS server.

When authorization_for_security_administration is set to true, authorization support is enabled for all security operations. Users can then no longer perform operations or set permissions in the Security Administration UI for which they are not authorized.
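A pre-start check for this setting, as an added example that is not part of the WebNMS documentation or product. It assumes NmsProcessesBE.conf lists each process as a PROCESS line followed by an ARGS line of whitespace-separated name/value pairs, with # marking comments; the sample file content and the OtherProcess entry are constructed.

```python
import sys

PROCESS = "com.adventnet.nms.security.authorization.NmsAuthManager"
ARGUMENT = "authorization_for_security_administration"

# Constructed sample; the PROCESS/ARGS layout and OtherProcess are assumptions.
SAMPLE_CONF = """\
# constructed sample
PROCESS com.example.OtherProcess
ARGS authorization_for_security_administration true
PROCESS com.adventnet.nms.security.authorization.NmsAuthManager
# ARGS authorization_for_security_administration true
ARGS authorization_for_security_administration false
"""

def authorization_setting(conf_text):
    """Return 'true', 'false', 'invalid', 'default' (argument not set)
    or 'missing' (no NmsAuthManager entry in the file)."""
    in_process = found_process = False
    value = None
    for raw in conf_text.splitlines():
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue  # skip blank and commented-out lines
        keyword, rest = tokens[0].upper(), tokens[1:]
        if keyword == "PROCESS":
            # Only ARGS lines that follow the NmsAuthManager entry count.
            in_process = rest[:1] == [PROCESS]
            found_process = found_process or in_process
        elif keyword == "ARGS" and in_process and ARGUMENT in rest:
            idx = rest.index(ARGUMENT) + 1
            value = rest[idx].lower() if idx < len(rest) else ""
    if not found_process:
        return "missing"
    if value is None:
        return "default"  # the page states the default is false
    return value if value in ("true", "false") else "invalid"

def is_enforced(conf_text):
    """True only when the argument is explicitly set to true."""
    return authorization_setting(conf_text) == "true"

if __name__ == "__main__":
    # With a path argument, check that file; otherwise check the sample.
    text = SAMPLE_CONF
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    print(f"{ARGUMENT}: {authorization_setting(text)}")
    sys.exit(0 if is_enforced(text) else 1)
```

The non-zero exit status for anything other than an explicit true lets a startup wrapper or configuration audit flag a server that would run without authorization for security operations.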

 

An Example

 

The following example covers two scenarios: the authorized mode and the unauthorized mode of performing security operations. Working through it shows the difference between the two modes. Follow the steps given below.

 

Step 1:

 

Before starting the NMS server, set the authorization_for_security_administration argument to true in the NmsProcessesBE.conf file in the <WebNMS Home>/conf directory. This is the authorized mode.

 

Step 2:

 

Start the NMS server and log in to the client as an administrator with the default user ID root and password public. Invoke the Security Administration UI by choosing Tools > Security Administration from the menu bar.

 

Step 3:

 

Right-click the Groups node in the Security tree and click AddGroup. Create a new group Group1. Click Next. In the Permissions tree hierarchy, enable the Security Administration node and then disable the Add Group, Remove Group, and Remove Operation operations. A screen shot depicting the configuration is given below. For more information on creating a new group, refer to Adding a New Group.

 

 

Step 4:

 

Right-click the Users node in the Security tree and click AddUser. Create a new user 'Group1User' with password group. In the final screen of the wizard, select Group1 in the Assign Groups for the user field and click Finish. You have now associated the user Group1User with the group Group1. For more information on creating a new user, refer to Adding a New User.

 

Click Finish and quit the Security Administration UI and the WebNMS client.

 

Step 5:

 

Log in to the client again with user ID Group1User and password Group. From the Tools menu, choose Security Administration. The Security Administration window is displayed.

 

Now try adding a new group. The message "Group1User is not authorized to perform the operation" is displayed.

 

 

This occurs because the Add Group operation is disabled for Group1, the group this user belongs to. Similarly, try removing an existing group and removing an existing operation. The same message is displayed.

 

Step 6:

 

Close the client and shut down the server. Set the authorization_for_security_administration argument to false in the NmsProcessesBE.conf file in the <WebNMS Home>/conf directory. This is the unauthorized mode. Now restart the server and log in to the client with user ID Group1User and password Group. From the Tools menu, choose Security Administration. The Security Administration window is displayed.

 

Now try adding a new group. The group is created and no error message is displayed, even though Add Group is disabled for Group1. This is because, with the argument set to false, authorization is not enforced for the security operations themselves.



Copyright © 2011, ZOHO Corp. All Rights Reserved.