Client/Server Security
NMS works with a rich client that provides the best user experience. That rich client in turn calls various APIs on the server to carry out the user's request. JBot configuration allows different applications or user types to be given different options. However, that configuration does not secure the underlying API calls. A technically savvy user could bypass the configuration by changing the tool configuration on their own copy of NMS or by using a debugger to modify the existing Java runtime. Therefore, it is important to use WebLogic roles and groups to limit the security exposure; these protect the actual API calls made to the server.
It is strongly recommended to use a different group for each type of user, because using the same group for several user types allows a user to make API calls intended for any of them. For example, if a standard user is in the service_users group (or has access to the NMSService role), that would give them the ability to make a model change under someone else's name. Likewise, if a view-only user has standard access, then they would be able to call any of the APIs that a standard user has access to. If an application is not used, such as Call Entry or Service Alert, then its group does not have to be assigned.
Please see the Configuring NMS Security Roles section in the Oracle Utilities Network Management System Installation Guide for information on configuring security roles and groups.
Another option, especially for an occasional user, is to use a remote desktop technology such as Oracle Secure Global Desktop or Citrix. Users who have access to NMS only through Citrix can access only the options that are configured for their environment, and would not have any direct API access.