Apply or Change User Group Privileges

You can apply privileges to user groups that you add to allow or deny all users within this user group the ability to perform certain operations. This includes items intended for use with separate application products. For the default LIAdministrators, administrators, provisioners, and monitor user groups, only device group privileges can be changed.

Note:

Upon installation of OCSDM, if R226 compliance is enabled, the Lawful Intercept and SIPREC features and their attributes are hidden from view and are not configurable.

User group privileges that are assigned to either the administrators or LIAdministrators user groups inherit most of the same access privileges. However, users assigned to the LIAdministrators user group have full configuration privileges to manage the Configure LI element (Lawful Intercept) in the Device configuration subfolder within the Configuration folder in the Configuration tab. Users assigned to administrators, provisioners and monitors default user groups do not have privileges to configure the Configure LI element.

Note:

If Lawful Intercept (LI) is enabled on the device, LI configuration values become encrypted on both the devices and OCSDM.

All user group privileges that are available through OCSDM are described in the following sections. You may not see some of these user group privileges in the Configuration, Device maintenance, Administrative operations, Fault management, Device groups, and Applications tabs in OCSDM until you install your product plugin.

Default Privileges for Configuration

The following table lists the default privileges for the user group Configuration.

Default Privileges

The legend used is:

• ü - Full privilege
• R – View privilege
• X – None privilege

Privilege	Admin	LI Admin	Monitors	Provisioners
Configuration	ü	ü	x	ü
Device Configuration	ü	ü	x	ü
Configure Services	ü	ü	x	ü
Configure Interfaces	ü	ü	x	ü
Configure NM Controls	ü	ü	x	ü
Configure security	ü	ü	x	ü
Configure LI	x	ü	x	x
Configure system	ü	ü	x	ü
Work order	ü	ü	x	ü
Create Work Order	ü	ü	x	ü
Execute Work Order	ü	ü	x	ü
Load device	ü	ü	x	ü
Override lock	ü	ü	x	x
Transfer configuration view	ü	ü	x	x
Entitlements	ü	ü	x	ü
Update to device	ü	ü	x	ü
Save Configuration	ü	ü	x	ü
Save and activate configuration	ü	ü	x	ü
Activate Configuration	ü	ü	x	ü
Configuration Archive	ü	ü	x	ü
Backup configurations	ü	ü	x	ü
Restore configurations	ü	ü	x	ü
Deleted archived configurations	ü	ü	x	ü

Apply User Group Privileges for Configuration

1. Expand the Security Manager slider and select User management, Groups.
2. In the User Groups pane, select the group you want to modify from the User Groups table and click Edit.
3. In the expanded group pane, click the Configuration tab and click the folder and subfolder sliders to expand the item operations list.
4. Select the item row in the operation category table that you want to modify and click the Privileges column to activate the drop-down list.
5. In the Privileges drop-down list, select the following user group privilege options for folders or items in the Configuration tab table described below:
   • Full—Allowed to perform administrative operations.
   • None—Not allowed to perform administrative operations.
   • View—Allowed to monitor only.

   Note:

   The fields described below appear if all features are enabled.

   Configuration folder	Set privilege levels for all configuration operations.
   Device configuration folder	Set privilege levels for all of the following user management operations accessible on the Device Manager slider.
   Configure services item	Set privilege levels for host-in-path (HIP) firewall functions that are allowed to pass administrative traffic to the host.
   Configure interfaces item	Set privilege levels for FTP, ICMP, SNMP, Telnet, and SSH interfaces.
   Configure NM controls item	Set privilege levels for network management controls performance group pane.
   Configure security item	Set privilege levels for the Security Manager features.
   Configure LI item	Set privilege levels for Lawful Intercept (LI) features. For the default LIAdministrators group, its privileges are set to Full. For all other default users including the administrators group, their privileges are set to None by default. For example, if you are logged in as an administrator and you try to change the privileges for this field, you will receive an error message that says the default user group permission is not allowed to be edited. Note: Upon installation of OCSDM, if R226 compliance is enabled, the Lawful Intercept and SIPREC features and their attributes are hidden from view and are not configurable.
   Configure system item	Set privilege levels for the configuration of system usage parameters.
   Route Manager Central Configuration folder	See the Oracle® Communications Route Manager User Guide for Session Delivery Products for more information about privileges that you specify in this folder.
   Work order folder	Set privilege levels for all of the following user management operations accessible for the configuration of work orders.
   Create work order item	Set privilege levels for creating a work order.
   Execute work order item	Set privilege levels for executing a work order.
   Load device item	Set privilege levels for loading a device.
   Override lock item	Set privilege levels for overriding a lock on a device.
   Transfer configuration view item	Set privilege levels for viewing a configuration.
   Entitlements item	Set privilege levels for viewing license details for an NF device.
   Update to device folder	Set privilege levels for the following device configuration operation items in this folder.
   Save configuration item	Set privilege levels for saving the configuration of a device.
   Save and activate configuration item	Set privilege levels for saving and activating the configuration of a device.
   Activate configuration item	Set privilege levels for activating the configuration of a device.
   Configuration archive folder	Set privilege levels for all of the following configuration archive operations.
   Back up configurations item	Set privilege levels for backing up configurations in the configuration archive.
   Restore configurations item	Set privilege levels for restoring configurations in the configuration archive.
   Delete archived configurations item	Set privilege levels for deleting configurations in the configuration archive.

6. Click Apply.

Default Privileges for the Device Maintenance User Group

The following table lists the default privileges for the Device Maintenance user group.

Default Privileges

Legend:

• ü - Full privilege
• R – View privilege
• X – None privilege

Privilege	Admin	LI Admin	Monitors	Provisioners
Device	ü	ü	x	ü
Reboot	ü	ü	x	ü

Apply User Group Privileges for Device Maintenance

1. Expand the Security Manager slider and select User management, Groups.
2. In the User Groups pane, select the group you want to modify from the User Groups table and click Edit.
3. Select the Device maintenance tab to modify user group privileges and click on the folder slider to expand the item operations list.
4. Choose the item row in the operation category table that you want to modify and click the Privileges column to activate the drop-down list.
5. In the Privileges drop-down list, choose the following options:
   • Full—The user group is allowed to reboot a device.
   • None—The user group is not allowed to reboot a device.
6. Click Apply.

Default Privileges for the Administrative Operations User Group

The following table lists the default privileges for the Administrative Operations user group.

Default Privileges

Legend:

• ü - Full privilege
• R – View privilege
• X – None privilege

Privilege	Admin	LI Admin	Monitors	Provisioners
Administrative operations	ü	ü	x	ü
Security Administration	ü	ü	x	x
Group Operations	ü	ü	x	x
Add Group	ü	ü	x	x
Update group	ü	ü	x	x
Delete Group	ü	ü	x	x
User Operations	ü	ü	x	x
Add Users	ü	ü	x	x
Update Users	ü	ü	x	x
Delete Users	ü	ü	x	x
Reset password	ü	ü	x	x
Change password	ü	ü	x	x
Change inactivity timer	ü	ü	x	x
Change Password Rule	ü	ü	x	x
Password notification	ü	ü	x	x
Edit login Banner	ü	ü	x	x
Device Group	ü	ü	x	ü
Add device	ü	ü	x	ü
Remove device	ü	ü	x	ü
Move device	ü	ü	x	ü
Activate device	ü	ü	x	ü
Change password message interval	ü	ü	x	x
View All audit logs	ü	ü	x	x
View own audit logs	ü	ü	x	x
Change audit log auto purge interval	ü	ü	x	x
Export audit logs	ü	ü	x	x
Manual audit log purge	ü	ü	x	x
View health monitor console	ü	ü	x	x
Change configuration archive settings	ü	ü	x	x
Update OS/System account password	ü	ü	x	x
Authentication	ü	ü	x	x
Server Diagnostics	ü	x	x	x
KPI operations	ü	ü	x	ü

Apply User Group Privileges for the Administrative Operations

1. Expand the Security Manager slider and select User management, Groups.
2. In the User Groups pane, choose the group you want to modify from the User Groups table and click Edit.
3. In the expanded group pane, click the Administrative operations tab and click the folder and subfolder sliders to expand the item operations list.
4. Choose the item row in the operation category table that you want to modify and click the Privileges column to activate the drop-down list.
5. In the Privileges drop-down list, choose the following user group privilege options for folders or items in the Administrative operations tab table described below:
   • Full—(Default) Allowed to perform administrative operations.
   • None—Not allowed to perform administrative operations.
   • View—Allowed to monitor only.

   Administrative operations folder	Set privilege levels for all of the following administrative operations.
   Security administration folder	Set privilege levels for all of the following user management operations accessible on the Security Manager slider.
   Group operations folder	Set privilege levels for all group item operations.
   Add group item	Set privilege levels to add a new device group.
   Update group item	Modify groups.
   Delete group item	Delete existing groups.
   User operations folder	Set privilege levels for all the following user operations accessible on the Security Manager slider.
   Add users item	Create new users.
   Update users item	Modify user information.
   Delete users folder	Delete existing users.
   Reset password item	Reset the password for a user who needs to login to Oracle Communications Report Manager.
   Change password item	Change another user’s password used to login to Oracle Communications Report Manager.
   Change inactivity timer item	Change the inactivity timer, which logs off the user if the client is no longer being used.
   Change Password Rule item	Configure the password rules used when creating a new user.
   Edit login banner	Edit the login banner for users logging into Oracle Communications Report Manager.
   Password notification	Change the notification interval.
   Device group folder	Assign privilege for all functions pertaining to a device group (see below).
   Add device group item	Set privilege levels to add a new network function containing a device group for either device(s) or a device cluster.
   Delete device group item	Delete a device group.
   Move device group item	Move a device group.
   Rename device group item	Rename a device group.
   Device folder	Assign privilege to all of the following device operations accessible through the Device Manager and Configuration Manager sliders.
   Activate device	Activate a new device.
   Add device item	Add a new device.
   Remove device item	Remove an existing device.
   Move device item	Move a device.
   KPI Operation item	Set privilege levels to get device KPIs, register KPIs, deregister KPIs, or update registered KPIs.
   Edit login banner item	Allow users of a group to change the informational banner seen when a user logs into OCSDM.
   Change password message interval item	Send alert that prompts user to change their password a certain number of days before their password expires.
   View all audit logs item	View all audit logs.
   View own audit log item	View only personal audit log.
   Change audit log auto purge interval item	Configure the number of days of audit logs to keep.
   Export audit logs item	Export all of an audit log to a file.
   Manual audit log purge item	Manually purge audit logs.
   View health monitor console item	Access health monitor console to detect issues.
   Change configuration archive settings item	Change configuration archive settings.
   Update OS/System account password item	Update the operating system and the system account password.
   Authentication item	Update authentication parameters.
   Server Diagnostics item	Access to server diagnostics.

6. Click Apply.

Default Privileges for the Fault Management Operations User Group

The following table lists the default privileges for the Fault Management Operations user group.

Default Privileges

Legend:

• ü - Full privilege
• R – View privilege
• X – None privilege

Privilege	Admin	LI Admin	Monitors	Provisioners
Fault Management	ü	ü	ü	ü
Events and alarms	ü	ü	ü	ü
Alarms	ü	ü	ü	ü
Set email notification	ü	ü	ü	ü
Delete alarm	ü	ü	ü	ü
Remap severities	ü	ü	x	x
Events	ü	ü	ü	ü
Delete events	ü	ü	ü	ü
Configure trap receiver	ü	ü	x	x

Apply User Group Privileges for Fault Management Operations

An element manager system (EMS) must be licensed to apply user-group privileges for fault management operations that apply to the events and alarms that appear on the Fault Manager slider.

1. Expand the Security Manager slider and select User management, Groups.
2. In the User Groups pane, choose the group you want to modify from the User Groups table and click Edit.
3. Click the Fault management tab and click the folder and subfolder sliders to expand the item operations list.
4. Choose the item row in the operation category table that you want to modify and click the Privileges column to activate the drop-down list.
5. In the Privileges drop-down list, choose the following user group privilege options for folders or items in the Fault management tab table described below:
   • Full—Allowed to perform event or alarm operations.
   • None—Not allowed to perform event or alarm operations.

   Fault management folder	If the None privilege is chosen, the Fault Manager slider does not appear in the OCSDM GUI.
   Events and Alarms folder	Assign the privileges for all of the following event and alarm operations accessible on the Fault Manager slider.
   Alarms folder	Assign the privileges for all of the following alarm operations accessible on the Fault Manager slider.
   Set email notification item	Create an email list for alarms.
   Delete alarm item	Delete alarms.
   Remap severities item	Edit the alarm severity levels.
   Events folder	Assign the privileges for all of the following event operations accessible on the Fault Manager slider.
   Delete events item	Delete events.
   Configure trap receiver item	Assign privileges to configure a trap receiver.

6. Click Apply.

Default Privileges for the Device Groups User Group

The following table lists the default privileges for the Device Groups user group.

Default Privileges

Legend:

• ü - Full privilege
• R – View privilege
• X – None privilege

Privilege	Admin	LI Admin	Monitors	Provisioners
Device Groups	*	*	*	*
Devices	*	*	*	*

Note:

* - The privileges will be set default as ‘Full’ for the user group that adds the device. For other user groups, the default privilege is set to ‘None’. The privileges can be changed to ‘Full’, ‘None’ or ‘View’ for all the user groups.

Apply User Group Privileges for Device Groups

Use this task to apply user-group privileges for device groups that appear on the Device Manager slider.

1. Expand the Security Manager slider and select User management, Groups.
2. In the User Groups pane, select the group you want to modify from the User Groups table and click Edit.
3. Click the Device groups tab.
4. In the Device groups box table, complete the following fields:

   Include children check box

   (Optional) Check the check box to select all children of the device group. Next select either Set all to None or Set all to Full have no privileges or full privileges respectively for the children of the device group.

   Home item

   (Default device group) In the Privileges column drop-down list, choose the following user group privilege options for items in the Device groups box table described below: Full—(Default) Allowed to perform device group operations. None—Users do not have authorization to the device group. View—Users can view the group on the Device Manager slider, but cannot perform any operations such as adding or deleting a child group.

   The Preview box displays the device group based on the privileges that are assigned (Full, View).
5. Repeat the previous step for other device groups (if there are any).
6. Click Apply.

Default Privileges for Route Manager User Group

The following table lists the default privileges for the Route Manager user group.

Default Privileges

Legend:

• ü - Full privilege
• R – View privilege
• X – None privilege

Privilege	Admin	LI Admin	Monitors	Provisioners
Route manager Central Configuration	ü	ü	x	ü
Configure route Set	ü	ü	x	ü
Configure Templates	ü	ü	x	ü
Backup/Restore	ü	ü	x	ü
Device operation	ü	ü	x	ü

Apply User Group Privileges for Route Manager

Use this task to apply user-group privileges for Oracle Communications Session Delivery Manager configurations.

Depending on your user privileges in Oracle Communications Session Delivery Manager, you can enable privileges to configure route set groups and templates, perform backups or restore route sets, and perform route set operations on devices.

1. On the navigation bar, select Security Manager, User management, Groups.
2. In the User Groups pane, select the group you want to modify from the User Groups table and click Edit.
3. In the expanded group pane, click the Configuration tab and expand the Route Management Central configuration folder and expand it to expose the following folder items:

   Configure route set item	Click this item row to activate the Privileges drop-down list to do the following operations: Select Full to enable the Route Sets, Route Search, and Route Set Compare tabs to appear. These tabs are used to add, configure and manage route sets, and retrieve LRT files. Select View to view the route set configuration only. Select None to disable route set operations and make them disappear from the GUI.
   Configure templates item	Click this item row to activate the Privileges drop-down list to do the following operations: Select Full to enable the Import Template tab. This tab is used to configure the templates that are used to map CSV file columns to route properties, and import CSV files. Select View to view configuration templates only. Select None to disable template operations and make them disappear from the GUI.
   Backup/Restore item	Click this item row to activate the Privileges drop-down list to do the following operations: Select Full to enable the Route Set Backups and Route Set Scheduled Backups tabs. These tabs are used to create backup files of the route set(s) and restore the backup files to the device. Select View to view backup files of the route set(s) only. Select None to disable backup operations and make them disappear from the GUI.
   Device operation item	Click this item row to activate the Privileges drop-down list to do the following operations: Select Full to enable the Device Route Sets, Associated Devices, Device Route Set Updates, and Update Task History tabs. These tabs are used to add route sets to devices, view the route sets associated with each device, update route sets, and update task histories. Select View to view route set device information only. Select None to disable route set device operations and make them disappear from the GUI.

4. Click Apply.

Default Privileges for the Applications User Group

The following table lists the default privileges for the Applications user group.

Default Privileges

Legend:

• ü - Full privilege
• R – View privilege
• X – None privilege

Privilege	Admin	LI Admin	Monitors	Provisioners
Applications	ü	ü	ü	ü
Report Manager	ü	ü	x	ü
Execute Reports	x	x	x	x
Administration	ü	ü	x	ü
Configure Retention policy	ü	ü	x	ü
Register BI Publisher	ü	ü	x	ü
Maintenance manager	ü	ü	x	ü
Manage element states	ü	ü	x	R
Device Health Monitor	ü	ü	ü	ü
Monitor group configuration	ü	ü	x	ü
Plugin Management	ü	ü	R	R
Actions	ü	ü	R	R
Fraud Protection management	ü	ü	R	ü
Administration	ü	ü	x	x
Fraud protection List	ü	ü	R	ü
Archive	ü	ü	x	ü

Apply User Group Privileges for Applications

1. Expand the Security Manager slider and select User Management, Groups.
2. In the User Groups pane, select the group you want to modify from the User Groups table and click Edit.
3. Select the Applications tab and click to expand the Applications folder.
4. Select any folder or folder item row that are described in the table below that you want to modify and click the Privileges column to activate the drop-down list.
   Select the following privilege from the Privileges drop-down list:

   • Full—Enable GUI elements (such as tabs) to perform configuration operations.
   • View—View information only.
   • None—Disable configuration operations and make them disappear from the GUI.

   Note:

   You must set the Execute Reports item privilege level to Full. See the table below for more information.

   Application folder	Set privilege levels for all application operations.
   Report Manager folder	Set privilege levels for all reporting operations accessible on the Report Manager slider.
   Execute Reports item	You must set the privilege level for users belonging to a group to run reports full privileges so that collection reports can be configured.
   Administration folder	Set all administration privileges for Oracle Communications Report Manager.
   Configure Retention Policy item	Set privilege levels for a user group to create a retention policy for retaining Historical Data Recording (HDR) data over a period of time.
   Register BI Publisher item	Set privilege levels for the Oracle Communications Report Manager to register with the Oracle Communications Session Delivery Manager before creating and running reports.
   Plugin Management folder	Set administrative privileges for plugin management.
   Actions item	Set plugin action privileges for a user assigned to the Plugin Management group to perform upload, install, uninstall, edit, delete, and recover actions.

5. Click Apply.