Managing Users and Privileges

You can configure each unit to be managed by several users, each with different privileges. Privileges, also referred to as permissions, are used to grant precise levels of access to different user groups. You may choose to limit certain users to only specific configuration options, such as firmware updates, ports, etc., while others have full access to all features.

Setting Up Administrator Accounts

Two administrator accounts are created by default:

• One administrator account for general purposes; its username and password are both set to admin
• One special administrator account to allow communication with the Skylight orchestrator. Its username and password are both set to ptadmin.

Usernames and passwords are case-sensitive. It is recommended that you change the default passwords immediately after installation to safeguard the system (refer to "Changing Passwords"). The administrator accounts provide access to all features.

Adding or Editing User Accounts

▶ To add or edit a user account

1. Access the page System ▶ Sessions ▶ Users.
   A list of all user accounts that have been created for this instance of the Sensor Control is displayed.

2. Click Add or click a User Name if you want to edit a user account.

3. In the [User name] user settings page, complete the fields, then click Apply.

For more information on specific parameters, refer to the following table.

User Settings (System ▶ Session ▶ Users)

Setting Permissions for a User Account

You can grant different privileges or permissions to each user account, if you have already defined both the user account and permission groups.

▶ To give privileges to a user account

1. Access the page System ▶ Sessions ▶ Users.

2. Click the user name that you want to edit.

3. In the [User Name] user settings page, click the Permission button.
   The user's User Permission page is displayed. All available user permission groups are listed.
   

   ---

   Note: You can create more groups in the Session ▶ Permissions page.

   ---

4. Select the user groups that you want to assign to this user, then click Apply.

Changing Passwords

▶ To change a user's password

1. Access the page System ▶ Sessions ▶ Users.

2. Click the user name that you want to edit.

3. Enter the user's new password in both the Password and Confirm Password fields, then click Apply.

   ---

   Note: If you forget your username or password, contact your Administrator for a password reset.

   ---

For more information on specific parameters, refer to the table "User Settings (System ▶ Session ▶ Users)".

Defining Permissions for a Group of Users

You must first define group permissions, including sub permissions, before you can assign users to groups.

▶ To define permissions for a group of users

1. Access the page System ► Session ► Permissions.

2. Click Add or click the Group Name that you want to edit.

3. Select the Privileges to assign to the selected user group, for sub-permissions click the + before the name of the privilege and then select from the sub-permissions group.

4. Click Apply.
   

   ---

   Note: You cannot change the privileges of user group Admin. This user group has full access to all functions.

   ---

For more information on specific parameters, see below.

Group Privileges (System ► Session ► Permissions) Parameters

Group name: The name of the user permission group

Privileges: The privileges given to the user permission group allow its members to use specified sensor: control functionality.

The following commands can be used by all users regardless of their privileges:

• board
• date
• exit
• help
• ping
• quit
• sfp
• syntax
• tcp-connect
• traceroute
• version

ACL: Edit/Enable ACL settings.

Alarms: Edit/Add/Enable alarm reporting configurations.

CFM: Edit/Add the SOAM CFM feature.

+ Config: Import/Export configuration files through CLI.
Sub-Permissions:

• import
• export
• rollback
• factory

Discovery: Add/Edit/Delete/Show discovery instance.

Feature-Suites: Import/Delete/Show feature suites.

Filters: Edit/Add Layer-2 filters, IPv4 filters and VLAN:

• filter
• vid-set

+ Firmware: Upgrade firmware.
Sub-Permissions:

• upgrade
• rollback

flow broker: Edit/Show flow broker information.

flowmeter: Edit/Show flowmeter information.

History: Edit the history bucket statistics.

Log: Edit syslog configuration and view logged entries.

Loopback: Add/Edit/Enable loopback.

Management: Edit/Add management access to the Sensor Control:

• dns
• interface
• inventory
• license
• motd
• ntp
• ptp
• route
• sfp
• snmp
• snmp-trap

Policies: Edit/Add/Enable policies for filtering traffic.

Port: Edit/Add/Enable port configurations:

• port
• statistics

RFC-2544: Add/Edit/Enable the RFC-2544 menu.

+ Remote-Device-Mgnt: Add/Edit/Delete/Show remote device information.
Sub-Permissions:

• firmware
• delete
• reboot
• delete reboot
• factory reset

SAT-protocol: Edit/Enable Service Activation Testing protocol.

SAT-reporting: Edit/Enable Service Activation Testing reporting.

Security-Key: Import/Test/Edit/Show remote device key management settings.

+ Sessions: Manage sessions and edit session configuration:

• RADIUS
• TACACS+
• reboot
• session

Sub-Permissions:

• reboot

TWAMP: Edit/Enable TWAMP settings.

Traffic: Edit/Enable VLAN encapsulation settings.

Users: Edit/Add and manage user accounts and permissions:

• permission-group
• user

VNID: Edit V-NID reflector settings.

Virtual-connection: Add/Delete/Enable/Edit/Show vce configuration.

Y.1564: Edit/Add/Enable Y.1564 test methodology

All-add: Permission to add in all sections that are viewable

All-edit: Permission to edit in all sections that are viewable

All-enable: Permission to enable in all sections that are viewable