Searching the Help
To search for information in the Help, type a word or phrase in the Search box. When you enter a group of words, OR is inferred. You can use Boolean operators to refine your search.
Results returned are case insensitive. However, results ranking takes case into account and assigns higher scores to case matches. Therefore, a search for "cats" followed by a search for "Cats" would return the same number of Help topics, but the order in which the topics are listed would be different.
Search for | Example | Results |
---|---|---|
A single word | cat
|
Topics that contain the word "cat". You will also find its grammatical variations, such as "cats". |
A phrase. You can specify that the search results contain a specific phrase. |
"cat food" (quotation marks) |
Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase. |
Search for | Operator | Example |
---|---|---|
Two or more words in the same topic |
|
|
Either word in a topic |
|
|
Topics that do not contain a specific word or phrase |
|
|
Topics that contain one string and do not contain another | ^ (caret) |
cat ^ mouse
|
A combination of search types | ( ) parentheses |
|
Configuring Security Groups
Tip If you plan to integrate NNMi with a directory service for consolidating the storage of user names, passwords, and, optionally, NNMi user group assignments, complete that configuration before configuring NNMi security.
NNMi provides the following ways to configure security:
- The Security Wizard in the NNMi console is useful for visualizing the security configuration. The View Summary of Changes page presents a list of unsaved changes from the current wizard session. It also identifies potential problems with the security configuration.
- The forms in the NNMi console for individual security objects are useful for concentrating on one aspect of the security configuration at a time.
- The
nnmsecurity.ovpl
command-line interface is useful for automation and bulk operations. The tool also provides reports of potential problems with the security configuration.
The process of defining and configuring NNMi security to limit users’ access to objects in the NNMi topology is a cyclical process. This high-level procedure describes one approach to configuring NNMi security.
Tip This example moves from security groups to user accounts. For examples of configuring NNMi security from user accounts to security groups, search for “Configure Security Example” in the NNMi help.
Note the following about configuring NNMi security:
- The security group that NNMi assigns to a discovered node is set by the value of the Initial Discovery Security Group for the tenant associated with that node.
- When you use the NNMi security model without also configuring NNMi tenants, all nodes are assigned to the Default Tenant.
One high-level approach to planning and configuring NNMi security is as follows:
- Analyze the managed network topology to determine the groups of nodes to which NNMi users need access.
-
Remove the default associations between the predefined NNMi user groups and the Default Security Group and the Unresolved Incidents security group.
Doing this step assures that users do not inadvertently obtain access to nodes they should not be managing. At this point, only NNMi administrators can access objects in the NNMi topology.
-
Configure a security group for each subset of nodes. Remember that a given node can belong to only one security group.
- Create the security groups.
- Assign the appropriate nodes to each security group.
-
-
For each security group, configure a user group for each level of NNMi user access.
- If you are if storing user group membership in the NNMi database, no users are mapped to these user groups yet.
- If you are storing user group membership in a directory service, set the Directory Service Name field for each user group to the distinguished name of that group in the directory service.
- Map each custom user group to the correct security group. Set the appropriate object access privilege for each mapping.
-
-
Configure user accounts.
-
If you are storing user group membership in the NNMi database, do the following:
- Create a user account object for each user who can access the NNMi console. (The process of configuring user accounts depends on whether you are using a directory service for NNMi console logon.)
- Map each user account to one of the predefined NNMi user groups (for access to the NNMi console).
- Map each user account to one or more custom NNMi user groups (for access to topology objects).
- If you are storing user group membership in a directory service, verify that each user belongs to one of the predefined NNMi user groups and one or more custom user groups.
-
- Verify the configuration as described in Verifying the Configuration.
-
Maintain the security configuration.
- Watch for nodes added to the Default Security Group, and move these nodes to the correct security groups.
- Add new NNMi console users to the correct user groups.
We welcome your comments!
To open the configured email client on this computer, open an email window.
Otherwise, copy the information below to a web mail client, and send this email to network-management-doc-feedback@hpe.com.
Help Topic ID:
Product:
Topic Title:
Feedback: