Managing Users and Privileges
  • 25 Sep 2024
  • 5 Minutes to read
  • Contributors
  • PDF

Managing Users and Privileges

  • PDF

Article summary

You can configure each unit to be managed by several users, each with different privileges. Privileges, also referred to as permissions, are used to grant precise levels of access to different user groups. You may choose to limit certain users to only specific configuration options, such as firmware updates, ports, etc., while others have full access to all features.


Note: You must define the permissions to assign to user groups before defining user accounts.

Setting Up Administrator Accounts

Two administrator accounts are created by default:

  • One administrator account for general purposes; its username and password are both set to admin
  • One special administrator account to allow communication with the sensor orchestration
    capabilities within Provider Connectivity Assurance (formerly Skylight orchestrator). Its username and password are both set to ptadmin.

Usernames and passwords are case-sensitive. It is recommended that you change the default passwords immediately after installation to safeguard the system (refer to "Changing Passwords"). The administrator accounts provide access to all features.


Note: To prevent losing administrator access to the Cisco Provider Connectivity Assurance Sensor Control, you cannot modify the administrator account privileges or delete the administrator accounts.


CAUTION: If you, as the administrator, forget your username or password the only way to regain access to the management Web interface is to perform a factory reset. Refer to "Restoring Factory Default Settings".

Adding or Editing User Accounts

▶ To add or edit a user account

  1. Access the page System ▶ Sessions ▶ Users.
    A list of all user accounts that have been created for this instance of the Sensor Control is displayed.

  2. Click Add or click a User Name if you want to edit a user account.

  3. In the [User name] user settings page, complete the fields, then click Apply.

For more information on specific parameters, refer to the following table.

User Settings (System ▶ Session ▶ Users)

ParameterDescription
User nameThe login name for the account.
First nameThe account holder's first name.
Last nameThe account holder's last name.
Phone numberThe account holder's phone number.
E-mailThe account holder's email address.
PasswordEnter the password for this account.

Note: Passwords for locally-authenticated users are limited to 48 characters.

Confirm PasswordRe-enter the password for this account.

Setting Permissions for a User Account

You can grant different privileges or permissions to each user account, if you have already defined both the user account and permission groups.


CAUTION: Modifying or reassigning the user groups for your account may result in you being unable to perform some tasks.

▶ To give privileges to a user account

  1. Access the page System ▶ Sessions ▶ Users.

  2. Click the user name that you want to edit.

  3. In the [User Name] user settings page, click the Permission button.
    The user's User Permission page is displayed. All available user permission groups are listed.


    Note: You can create more groups in the Session ▶ Permissions page.

  4. Select the user groups that you want to assign to this user, then click Apply.

Changing Passwords

▶ To change a user's password

  1. Access the page System ▶ Sessions ▶ Users.

  2. Click the user name that you want to edit.

  3. Enter the user's new password in both the Password and Confirm Password fields, then click Apply.


    Note: If you forget your username or password, contact your Administrator for a password reset.

For more information on specific parameters, refer to the table "User Settings (System ▶ Session ▶ Users)".

Defining Permissions for a Group of Users

You must first define group permissions, including sub permissions, before you can assign users to groups.

▶ To define permissions for a group of users

  1. Access the page System ► Session ► Permissions.

  2. Click Add or click the Group Name that you want to edit.

  3. Select the Privileges to assign to the selected user group, for sub-permissions click the + before the name of the privilege and then select from the sub-permissions group.

  4. Click Apply.


    Note: You cannot change the privileges of user group Admin. This user group has full access to all functions.

For more information on specific parameters, see below.

Group Privileges (System ► Session ► Permissions) Parameters

Group name: The name of the user permission group

Privileges: The privileges given to the user permission group allow its members to use specified Sensor Control functionality.

The following commands can be used by all users regardless of their privileges:

  • board
  • date
  • exit
  • help
  • ping
  • quit
  • sfp
  • syntax
  • tcp-connect
  • traceroute
  • version

ACL: Edit/Enable ACL settings.

Alarms: Edit/Add/Enable alarm reporting configurations.

CFM: Edit/Add the SOAM CFM feature.

+ Config: Import/Export configuration files through CLI.
Sub-Permissions:

  • import
  • export
  • rollback
  • factory

Discovery: Add/Edit/Delete/Show discovery instance.

Feature-Suites: Import/Delete/Show feature suites.

Filters: Edit/Add Layer-2 filters, IPv4 filters and VLAN:

  • filter
  • vid-set

+ Firmware: Upgrade firmware.
Sub-Permissions:

  • upgrade
  • rollback

flow broker: Edit/Show flow broker information.

flowmeter: Edit/Show flowmeter information.

History: Edit the history bucket statistics.

Log: Edit syslog configuration and view logged entries.

Loopback: Add/Edit/Enable loopback.

Management: Edit/Add management access to the Sensor Control:

  • dns
  • interface
  • inventory
  • license
  • motd
  • ntp
  • ptp
  • route
  • sfp
  • snmp
  • snmp-trap

Policies: Edit/Add/Enable policies for filtering traffic.

Port: Edit/Add/Enable port configurations:

  • port
  • statistics

RFC-2544: Add/Edit/Enable the RFC-2544 menu.

+ Remote-Device-Mgnt: Add/Edit/Delete/Show remote device information.
Sub-Permissions:

  • firmware
  • delete
  • reboot
  • delete reboot
  • factory reset

SAT-protocol: Edit/Enable Service Activation Testing protocol.

SAT-reporting: Edit/Enable Service Activation Testing reporting.

Security-Key: Import/Test/Edit/Show remote device key management settings.

+ Sessions: Manage sessions and edit session configuration:

  • RADIUS
  • TACACS+
  • reboot
  • session

Sub-Permissions:

  • reboot

TWAMP: Edit/Enable TWAMP settings.

Traffic: Edit/Enable VLAN encapsulation settings.

Users: Edit/Add and manage user accounts and permissions:

  • permission-group
  • user

VNID: Edit V-NID reflector settings.

Virtual-connection: Add/Delete/Enable/Edit/Show vce configuration.

Y.1564: Edit/Add/Enable Y.1564 test methodology

All-add: Permission to add in all sections that are viewable

All-edit: Permission to edit in all sections that are viewable

All-enable: Permission to enable in all sections that are viewable

© 2024 Cisco and/or its affiliates. All rights reserved.
 
For more information about trademarks, please visit: Cisco trademarks
For more information about legal terms, please visit: Cisco legal terms

For legal information about Accedian Skylight products, please visit: Accedian legal terms and tradmarks



Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.