You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

In this section:

User Management provides new tools for creating and editing user accounts. 

On SBC main screen, go to Administration > Users and Application Management > User and Session Management. The User and Session Management window is displayed.

User Management

User Sessions on EMA

This section helps you to understand the number of sessions currently opened and the list of users currently working on EMA. The name of the user and the IP address from which they are accessing EMA is also provided.

User Management - User Sessions on EMA

Click Delete against any user name to remove the user from the list.

If the web browser crashes, hangs or is manually closed while logged into the EMA GUI, the EMA session will still remain open. Manual intervention by the administrator is required to terminate the session from the EMA GUI. To terminate a user session, click the "x" icon at the far right of the user session entry.

Open Netconf Sessions

This section helps you to understand the number of Netconf sessions currently opened along with the Session ID and the Session State.

User Manegement - Open Netconf Sessions

To terminate a Netconf session that is not locked, click the "x" icon at the far right of the Netconf session entry.

Create User

EMA provides an the option to create new user too.

  1. On the main screen, navigate to Administration > User and Application Management > User and Session Management.

  2. Click New User on the User and Session Management panel.

     

    User Management - Users Fields

  3. The Create User window appears:

     

    User Management - Create User



  4. Enter all the required details:
    1. User: Enter the name of user to be created. A valid user name:
      • can be alphanumeric
      • can contain maximum of 23 characters without spaces
      • can contain only . @ _ - + : special characters

        The characters #%^&(){}<>,/\;`[]=!$'*?|~ are not allowed.

    2. Role: Specify the type of Role to be assigned to this user. The options are:

       

      User Management - Role


    • Administrator: Read-write access to all commands and data spaces, except the Field Service shell. 
    • Calea: Read-write access to Lawful Intercept tables, and Read access to other tables. Only Admin user can add/remove user from this group. Only one user named “calea” is allowed in this group, and “calea” user cannot be part of any other group.
    • FieldService: Read-write access to all commands and data spaces. Also, they have access to the Field Service shell containing system debug commands including the ability to access the Linux shell login prompt. Field service does not have access to Security, Event logs and Management Audit Logs and cannot execute any commands stopping or starting these audit log services.
    • Guest: Read-only access to all commands and data spaces, except commands that deal with user accounts, logging and audit controls, TOD clock and sensitive administrative items. They do not have access to the Field Service shell, Security Event logs, and Management Audit Logs.
    • Operator: Read-write access to all commands and data spaces, except commands that deal with user accounts, logging and audit controls, TOD clock, and sensitive administrative items. They do not have access to the Field Service shell, Security Event logs, and Management Audit Logs and cannot execute any commands stopping or starting these audit log services.
    • SecurityAuditor: Access only to the security logs that are generated in SBC. SBC allows the creation of user of type Security Auditor via CLI and EMA. The SecurityAuditor will have a read-only access to view the security and management audit logs.

  5. Enter the following options:

    • Allow Interactive Access (CLI and EMA): Enable this flag to allow the user to access interactive interfaces such as CLI/EMA.
    • Allow Machine to Machine Access (REST): Enable this flag to allow the specified user machine-to-machine access to REST API.
    • Account Expiration Enabled: If checked, the current user account expires as per the account expiration parameters set in the Application Management window. As per the parameter rules set in the Application Management window, an account can expire in either of the following conditions:
    • Password Expiration Enabled: If checked, the current account will have the password expiry duration after which the user has to create a new password to login. The duration is set in the Application Management window. For more information, refer to Users and Application Management - Application Management.
    • Account Enabled: If checked, the account will be enabled immediately.
    • Access Type: Specifies the type of access that should be given to this user. The options are:
      • Public Key Only (CAC Card): The user can login only with U.S. Department of Defense's Common Access Card (CAC) for authentication.
      • Password and Public Key: The user can login with the provided password along with the U.S. Department of Defense's Common Access Card (CAC) for authentication.

  6. Click Save to save your edits

     

Any user created, will have an auto generated password. This password is set to Expire status and has to be changed at the login in-order to continue to use the account.

Once you successfully change the password for any user, you are not allowed to change it again on the same day. Only the password for an admin user can be changed more than once on the same calendar day.

Edit Users

The Access Permissions, Roles and account related information can be modified for all the existing users.

"Call Trace User" is a special category User for which the edit and the password will not be supported.

 

  1. On the User Management screen, in the view pane, highlight the account which you would like to edit.

     

    User Management - Highlight User

  2. The Edit User window appears:

     

    User Management - Edit User Window



  3. You can modify the following fields:

    • Role: You can the role of the existing user based on the option you choose for this field. For a list of available roles, refer to Create User section in the same page.
    • Allow Interactive Access (CLI and EMA): Enable this flag to allow the user to access interactive interfaces such as CLI/EMA.
    • Allow Machine to Machine Access (REST): Enable this flag to allow the specified user machine-to-machine access to REST API.
    • Account Expiration Enabled: If unchecked, the account will not have any expiration duration.
    • Password Expiration Enabled: If unchecked, the password for this account will not have any expiration duration.
    • Account Enabled: If unchecked, the account will not enabled and can not be used.
    • Access Type: Either one of the the type has to be selected.

       

      You can not edit the name of the user.



  4. Click Save to save your edits.

Reset Password

The Administrator can reset the password of all the users. 

  1. On the User Management screen, in the view pane, highlight the account for which you would like to reset the password. The Edit User window appears as shown above.

  2. Click  to reset the password of the selected user. The Temporary password for that user is created and displayed in the same window.

    user Management - Reset Password

  3. You can also click  to email your temporary password.

Use this temporary password to log on to SBC. Once you have logged in, you need to change your password again.

To know more about rules to set your password, refer to System - Admin - Password Rules.

 

  • No labels