Permissions are used to allow users to have access to functionality and information. The permissions available include:

Permission sets are groups of permissions. Users and Keys have permission sets associated to them.

Mobile users can be defined in the Network Management Systems using the Configuration Assistant Mobile User Administration tab. An administrator can create the predefined username using the Mobile Users section by hitting the Add button and filling out the Add/Edit Mobile User Information panel and saving the changes.

Operations Mobile Application users can enter the username/password as authorized in this section to gain access to the application functionality.

Mobile users may be created on the mobile client when the user is given a key authorizing the creation of a mobile user. In the mobile app login page, the user can check the new user box and enter in a new username, password, and the provided new user key and create a new mobile user.

The keys required to create a mobile user from the mobile application are maintained in the mobile_new_user_keys database table in the Network Management System. This table can be managed using the Network Management System Configuration Assistant Mobile User Administration tab in the Current Keys section. Simply add a new key with an availability count greater than zero, the key can be used by a mobile app user to create a new username/password into the system. The number of times this key can be user is based on the available number, each time the key is used, the available number is decremented.

To create a key for the mobile application, click the Add button at the bottom of the Network Management System Configuration Assistant Mobile User Administration Current Keys section and filling out the Add/Edit Mobile Keys Information panel and saving the changes.

If a key contains a crew type and crew prefix, a crew will be created automatically for the users created with the key.

For more details on the Configuration Assistant Mobile User Administration, refer to the Oracle Utilities Network Management System User’s Guide and the Oracle Utilities Network Management System Configuration Guide.

LDAP/AD users can be configured to work with OMA. However, if you plan to support both OMA authenticated users, Predefined or Keys (as described in the previous two sections), then you need to force OMA authenticated users to have a user name prefix to eliminate potential conflicts with LDAP/AD user names. To specify a user name prefix requirement for OMA authenticated users, specify the Crew Prefix in the Configuration Assistant’s Mobile Users tab’s Current Keys section.

LDAP validation can occur in one of two places: the nms-ws WebLogic authentication scheme or the cesejb WebLogic authentication scheme. If the RESTful service calls contain an http header nmsWsValidate: true, then the nms-ws WebLogic authentication scheme will be used first prior to attempting to use the cesejb WebLogic authentication scheme. Otherwise, without the nmsWsValidation header, only the cesejb WebLogic authentication scheme will be used.

To configure LDAP/AD user validation for OMA, there are two lines that need to be enabled in the CentricityServer.properties file. Uncomment the last two lines, as shown below:

Further, in the MOBILE_NEW_USER_KEYS, the value for available should be 0 for the key "ad_key". This is the user_key that is assigned to new users through this automated process and should not be allowed to be assigned to users through any other process. Setting available = 0 will prevent this key from being assigned to users other than the new LDAP-authenticated users.

 

The Key must match the KEY in the OMA src/js/resources/config/loginSettings.js file’s self.appKey value.

Here is the default key:

You can have as many keys in the NMS Configuration Assistant Mobile Applications tab as you like; OMA is only built with one key, but different versions of OMA can use different keys (one for internal version of the app, another for extern version of the app).