Alcatel-Lucent OmniVista Cirrus

Network Management as a Service

Role Management

The Users and User Groups Role Management Screen displays all currently-configured User Roles. The screen is used to create, edit, or delete User Roles. The User Role feature enables you to specify user rights for specific OmniVista applications and devices. A User Role is associated with a User Group to define access for users assigned to the group. OmniVista Cirrus is shipped with three pre-configured User Roles:

  • Account Admin - This is the default role assigned to the user who first creates the OV Cirrus account. This User Role can access all maps and has full administrative access rights to all devices in the network. This User Role also has full administrative rights to edit the groups and users defined in the Users and Groups Application.
  • Write - This User Role can access all maps and has Read/Write access to all devices in the network.
  • Read - This User Role can access all maps and has Read access to all devices in the network.

Note: Specific rights for each OmniVista Cirrus application for the above system-defined Roles can be viewed by clicking on a Role in the Existing Roles Table to view the Details window.

Creating a User Role

Click on the Create icon to launch the Role Management Wizard and configure and create a User Role. Complete the fields as described below. Click on the Next button to move to the next window. When you are finished, click on the Create button.

Role Info and Map Access

Complete the fields below to specify which Topology maps a user can access.

  • Role Name - Enter a name for the User Role.
  • Description - Enter an optional description for the User Role.
  • Accessible Maps - Select an option from the drop-down menu to specify the maps the user can access. The user will only have access to devices in the selected map(s).
    • All Maps - The user can access all devices in the network.
    • No Maps - The user cannot access any devices in the network. The user will only have access to non-network OmniVista applications (e.g., Audit, Preferences).
    • Selected Maps - Select this option, then click on the Add/Remove Maps button to select maps the user can access.

Application Access Control

Select the OmniVista application access for the user. Only those applications you configure (either Read or Write access) will be available to the user. By default, Read access is pre-selected for Topology (if map access is configured), System Preferences and Users and User Groups. Read/Write access is pre-selected for User Preferences and Report.

Object Restrictions

Specify the VLANs and/or VXLANs the user can access for VLAN/VXLAN configuration. The user will be able to perform VLAN/VXLAN operations on these VLANs/VXLANs for devices specified in the Role Info and Map Access window above. This parameter is optional.

Review

Review the configuration. Click on the Back button to make any changes.

Editing a User Role

Click on a User in the Existing Users Table and click on the Edit icon. Edit any fields as necessary and/or edit the User Groups at the bottom of the screen to re-assign the User to a different User Group. When you are done, click Apply. You will be returned to the User Management Screen. Note that you cannot edit the User Login field. Note that you cannot edit a system-defined User Role.

Deleting a User Role

Select a User(s) in the Existing Users Table, click on the Delete icon, then click OK. Note that you cannot delete a system-defined User Role.

Existing Roles Table

The Existing Roles Table displays all configured Users. Click on a User Role in the table for more details.

  • Role Name - Role Name.
  • Description - Role Description.
  • System Defined - Whether the role is a system-defined role or a user-defined role.
  • Accessible Maps - The maps a user assigned to this role can access.
  • Access Control - The access/rights to OmniVista applications for a user assigned to this role.

User Role Feature

Basically, the User Role feature allows you to limit users to specific network devices and OmniVista applications. For example, OmniVista users with Admin rights can view and manage every device in the network, and have read/write access for all applications. With the User Role feature, you can limit the devices a user can manage and the applications the user can configure by creating a User Role with access to a specific Topology map and write access to specific applications.

To utilize the User Role feature, you create a User Role with access to a specific Topology map and read/write access to a specific application(s). You then create a User Group and associate that group with that User Role. And finally, you create a user and associate it with that User Group. The user would then have full administrative rights to the specified applications for all devices in the specified map.

For example, you could create a User Role (User Role 1) with access to devices in Map 1 and read/write access to the Application Visibility application. A user with this role would be able to access all devices in Map 1 and configure Application Visibility on those devices. And since a user can have multiple roles, you could create a second User Role (User Role 2) with access to Map 2 and read/write access to the CLI Scripting application, and assign it to the same user. That user could now configure Application Visibility on devices in Map 1, and CLI Scripting on devices in Map 2.

The table below provides some use case samples for assigning multiple User Roles to a User.

| Scenario | User Role 1 | User Role 2 | User Role 3 | Device/Application Access |
|---|---|---|---|---|
| Using Topology Maps to limit access to devices | Map 1; Read Access for Topology | Map 2; Write Access for Topology | Map 3; Read Access for Topology | Read Access for devices in Maps 1 and 3. Write Access for devices in Map 2 |
| Using a combination of Topology Maps and an application, such as Application Visibility. | Map 1; Read Access for Application Visibility | Map 2; Read Access for Application Visibility | Map 3; Write Access for Application Visibility | Read Access for Application Visibility for devices in Maps 1 and 2. Write Access for Application Visibility for devices in Map 3. |
| Using a combination of Topology Maps and an Object (VLAN) | Map 1; VLAN 10; Read Access for Application Visibility | Map 2; VLAN 20; Read Access for Application Visibility | Map 3; VLAN 30; Write Access for Application Visibility | Read Access for Application Visibility for devices in Maps 1 and 2; and VLAN configuration allowed on those devices in VLANs 10 and 20. Write Access for Application Visibility for devices in Maps 1 and 2; and VLAN configuration allowed on those devices in VLAN 30. |
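The per-role scoping described above (each role's application rights and VLANs apply only to that role's maps) can be modelled to review what a user with several roles can actually do. This is an added example, not OmniVista Cirrus code or its API; the `Role` class, the function names and the rule that the higher level wins when two roles cover the same map are assumptions made for illustration.

```python
from dataclasses import dataclass

LEVELS = {"read": 1, "write": 2}
ALL_MAPS = "*"  # stands for the "All Maps" option; an empty set is "No Maps"

@dataclass
class Role:
    name: str
    maps: frozenset                 # Accessible Maps
    apps: dict                      # Application Access Control: app -> "read" | "write"
    vlans: frozenset = frozenset()  # Object Restrictions (optional)

    def covers(self, map_name):
        return ALL_MAPS in self.maps or map_name in self.maps

def access(roles, map_name, app):
    """Best level ("write", "read" or None) any single role gives for app on map_name.
    Assumption: if two roles cover the same map, the higher level wins."""
    levels = [r.apps[app] for r in roles if r.covers(map_name) and app in r.apps]
    return max(levels, key=LEVELS.get, default=None)

def vlans_on(roles, map_name):
    """VLANs the user may configure on devices in map_name."""
    return set().union(*(r.vlans for r in roles if r.covers(map_name)))

def write_grants(roles, maps, apps):
    """Every (map, app) pair where the combined roles allow configuration."""
    return sorted((m, a) for m in maps for a in apps if access(roles, m, a) == "write")

# Constructed sample 1: the two-role example from the text.
TWO_ROLES = [
    Role("User Role 1", frozenset({"Map 1"}), {"Application Visibility": "write"}),
    Role("User Role 2", frozenset({"Map 2"}), {"CLI Scripting": "write"}),
]
# Constructed sample 2: the three roles in the VLAN row of the use-case table.
VLAN_ROLES = [
    Role("User Role 1", frozenset({"Map 1"}), {"Application Visibility": "read"}, frozenset({10})),
    Role("User Role 2", frozenset({"Map 2"}), {"Application Visibility": "read"}, frozenset({20})),
    Role("User Role 3", frozenset({"Map 3"}), {"Application Visibility": "write"}, frozenset({30})),
]

if __name__ == "__main__":
    maps = ["Map 1", "Map 2", "Map 3"]
    print(write_grants(TWO_ROLES, maps, ["Application Visibility", "CLI Scripting"]))
    for m in maps:
        print(m, access(VLAN_ROLES, m, "Application Visibility"), sorted(vlans_on(VLAN_ROLES, m)))
```

Listing the write grants for a user before assigning an extra role shows that rights do not cross over between roles: in the first sample the user gets no CLI Scripting access on Map 1.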