Verifying the Configuration

To verify that the security configuration is correct, verify each aspect of the configuration separately. This section describes some approaches to verifying the configuration. Other approaches are possible.

Note: NNMi provides reports of possible security configuration errors. Access these reports with Tools > Security Reports in the NNMi console and with the -displayConfigReport option to the nnmsecurity.ovpl command.

Verify security group-to-node assignments

One approach to verifying that each node is assigned to the correct security group is to sort the Nodes or Nodes (All Attributes) inventory view by security group, and then examine the groupings.

Another approach is to use the -listNodesInSecurityGroup option to the nnmsecurity.ovpl command.

Verify user group-to-security group assignments

One approach to verifying which user groups are mapped to each security group is to sort the Security Group Mappings view by user group or security group, and then examine the groupings. Also verify the object access privilege for each mapping.

Alternatively, on the Map User Groups and Security Groups page of the Security Wizard, select one user group or security group at a time to see the current mappings for that object.

Another approach is to use the -listUserGroupsForSecurityGroup option to the nnmsecurity.ovpl command.

Verify that each user has NNMi console access

For NNMi console access, ensure that each user is assigned to one of the predefined NNMi user groups (listed from highest to lowest):

  • NNMi Administrators
  • NNMi Level 2 Operators
  • NNMi Level 1 Operators
  • NNMi Guest Users

All other user group assignments provide access to objects in the NNMi database.

Note: The NNMi Global Operators Users Group provides access to topology objects only. Unless a globalops user is also associated with a User Group with NNMi Console access (such as level2, level1, or guest), that user will not be able to access the NNMi console.

Users without NNMi console access are listed on the View Summary of Changes page of the Security Wizard. The Tools > Security Reports menu item and the -displayConfigReport usersWithoutRoles option to the nnmsecurity.ovpl command also provide this information.

Note: Each Tools and Action menu item provided in the NNMi console is associated with a default NNMi role. (To determine the default NNMi role assigned to each Action menu item, see Actions Provided by NNMi in the NNMi help.) If you change the setting for a menu item provided by NNMi to a role that is lower than the default NNMi role assigned to that menu item, NNMi ignores the change. Any user group whose role is lower than the default NNMi role cannot access the menu item.

Verify user-to-user group assignments

One approach to verifying user group membership is to sort the User Account Mappings view by user account or user group, and then examine the groupings.

Alternatively, on the Map User Accounts and User Groups page of the Security Wizard, select one user account or user group at a time to see the current mappings for that object.

Another approach is to use the -listUserGroups and -listUserGroupMembers options to the nnmsecurity.ovpl command.

Verify tenant-to-node assignments

One approach to verifying that each node is assigned to the correct tenant is to sort the Nodes or Nodes (All Attributes) inventory view by tenant, and then examine the groupings.

Verify current user settings

To verify the NNMi console access for the currently logged-on user, click Help > System Information. The User Information section on the Product tab lists the following information for the current NNMi session:

  • User name as defined for the user account in the NNMi database or the accessed directory service.
  • NNMi role, which corresponds to the most privileged of the predefined NNMi user groups (NNMi Administrators, NNMi Level 2 Operators, NNMi Level 1 Operators, and NNMi Guest Users) to which the user is mapped. This mapping determines which actions are available within the NNMi console.
  • User groups mapped to this user name. This list includes the predefined NNMi user group that sets the NNMi role and any other user groups that provide access to objects in the NNMi database.
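
The console-access rule and the "most privileged predefined user group" rule described above can also be checked offline against an export of user-to-group mappings. The following Python script is an added example, not NNMi code. The user,group CSV layout, the sample accounts and the Site-East/Site-West group names are constructed assumptions, not the output format of nnmsecurity.ovpl.

```python
import csv
import io

# Predefined NNMi user groups that grant console access, highest role first
# (same order as the list on this page).
CONSOLE_GROUPS = [
    "NNMi Administrators",
    "NNMi Level 2 Operators",
    "NNMi Level 1 Operators",
    "NNMi Guest Users",
]
RANK = {name: i for i, name in enumerate(CONSOLE_GROUPS)}

# Constructed sample: one "user,group" row per mapping (assumed export layout).
SAMPLE = """\
user,group
alice,NNMi Administrators
alice,Site-East Operators
bob,NNMi Level 1 Operators
bob,NNMi Level 2 Operators
carol,NNMi Global Operators
dave,Site-West Operators
erin,NNMi Guest Users
erin,NNMi Global Operators
"""

def load_mappings(text):
    """Return {user: set(groups)} parsed from user,group CSV text."""
    mappings = {}
    for row in csv.DictReader(io.StringIO(text)):
        user, group = row["user"].strip(), row["group"].strip()
        if user and group:
            mappings.setdefault(user, set()).add(group)
    return mappings

def effective_role(groups):
    """Most privileged predefined console group held, or None if there is none."""
    held = [g for g in groups if g in RANK]
    return min(held, key=RANK.get) if held else None

def audit(mappings):
    """Return (roles, no_console); no_console maps each user to the groups held."""
    roles = {user: effective_role(groups) for user, groups in mappings.items()}
    no_console = {u: sorted(mappings[u]) for u, r in roles.items() if r is None}
    return roles, no_console

if __name__ == "__main__":
    roles, no_console = audit(load_mappings(SAMPLE))
    for user in sorted(roles):
        print(f"{user:6} {roles[user] or 'NO CONSOLE ACCESS'}")
    print("without console access:", no_console)
```

Users reported without console access here should match the usersWithoutRoles report; a difference points to a stale export or a mapping that was changed after the export was taken.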