Sie sind auf Seite 1von 18

HUAWEI GGSN9811 Gateway GPRS Support Node

Operation Guide

3 Managing the Authority of the GGSN9811

Managing the Authority of the GGSN9811

About This Chapter


The GGSN9811 offers a wide rage of operation and maintenance commands. The commands
are categorized into different command groups in terms of functions and influence on the device,
which facilitates the management. Meanwhile, the users are divided into groups with different
authorities. The command groups are specific to different users. This is to facilitate the operation
and management and improve the system security.
3.1 Basic Concepts
This part describes the basic concepts of the office, user type, user name, and password regarding
the authority management.
3.2 Managing Operators of the GGSN9811
The operator's account can be managed only by the admin user, administrator, and custom user
with relevant authority.
3.3 Managing Command Groups
The command groups can be managed only by the admin user, administrator, and custom user
with relevant authority.
3.4 Managing User Passwords
This part describes how to manage the passwords by setting and querying the password policy
or modifying the password.

Issue 03 (2008-04-10)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd

3-1

3 Managing the Authority of the GGSN9811

HUAWEI GGSN9811 Gateway GPRS Support Node


Operation Guide

3.1 Basic Concepts


This part describes the basic concepts of the office, user type, user name, and password regarding
the authority management.
3.1.1 User Types
The local maintenance terminal (LMT) allows only two types of users to log in to the network
element (NE), that is, domain users and local users.
3.1.2 Operator Authority
The operator authority contains five levels, that is, guest, user, operator, administrator, and
custom user.
3.1.3 User Names and Passwords
This part describes the restrictions to the user name and password, as well as the default operator.
3.1.4 Operation Time Limit
The admin user, administrator, and custom user with related authority can enable that the
operator can operate the local maintenance terminal (LMT) only within a certain period. This
period is called time limit.
3.1.5 Command Groups
A command group is a set of commands. The commands are categorized into command groups,
and then the command groups are assigned to users with different authorities. In this case, the
authority of the operator can be managed. One command can belong to different command
groups.

3.1.1 User Types


The local maintenance terminal (LMT) allows only two types of users to log in to the network
element (NE), that is, domain users and local users.
The local users are managed by the NE; however, the domain users are managed by network
management system (NMS) and can log in to the NE. Table 3-1 lists the difference.
Table 3-1 Difference between the domain user and the local user

3-2

Operation Target

Domain User

Local User

Information such as user login and


authentication

Saved in the M2000.

Saved in the NE.

Adding, modifying, deleting, or


querying the user

Realized on the
M2000.

Realized on the NE.

Procedure for user login and password


modification

The request is sent to


the M2000. After
receiving the request,
the M2000 sends
back the
authentication result
(success or failure) to
the NE.

Realized on the NE.

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd

Issue 03 (2008-04-10)

HUAWEI GGSN9811 Gateway GPRS Support Node


Operation Guide

3 Managing the Authority of the GGSN9811

3.1.2 Operator Authority


The operator authority contains five levels, that is, guest, user, operator, administrator, and
custom user.
Table 3-2 Operator authority levels
Authority
Level

Data Query

System
Maintenance

Data
Configuration

Administratio
n

Guest

User

Operator

Administrat
or

Custom

When a user name is added, the authority for adding any combination of
command groups is available.

The commands for the guest, user, operator, and administrator are predefined in the system and
cannot be modified. The symbol indicates the available authority. The data query command,
system maintenance command, data configuration command, and operator management
command correspond to the authorities mentioned in the preceding table.
The authority of the custom user is defined by determining the command groups that can be used
by the custom user. The name of the command group and the commands in the command group
can be set based on the actual needs. Thus, the authority of the operator can be set in a flexible
way.
The custom user can add the authorities such as management, data query, system maintenance,
and data configuration.

3.1.3 User Names and Passwords


This part describes the restrictions to the user name and password, as well as the default operator.
The user name can contain up to 32 characters made up of letters and digits. The user name is
not case sensitive and must start with a letter.
The password is composed of 6 to 32 characters containing only alphabets, digits, and special
characters. The password is case sensitive.

Issue 03 (2008-04-10)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd

3-3

HUAWEI GGSN9811 Gateway GPRS Support Node


Operation Guide

3 Managing the Authority of the GGSN9811


NOTE

The special characters include: ~, !, @, #, $, %, ^, &, *, (, ), _, +, -, {, }, |, [, ], \, :, <, >, ?, ., /, and space.


The following characters are prohibited: ,, ;, =, ", and '.
The following combinations are prohibited:
l

Two or more %

Two or more space

Start identifiers of MML packets +++

End identifiers of MML packets ---

By default, the user name is admin and the initial password is admin. The admin user enjoys
the highest authority and can run all the commands. The admin user can add the other users and
cannot be deleted. The password of the admin user can be changed only by this user.
NOTE

All the operators can modify their own passwords.

The admin user can modify the passwords of all users.

The administrator and the custom user with related authority can change the passwords of the users
except the admin user.

3.1.4 Operation Time Limit


The admin user, administrator, and custom user with related authority can enable that the
operator can operate the local maintenance terminal (LMT) only within a certain period. This
period is called time limit.
The operation period is determined by the date, week, and time.
Table 3-3 lists the examples of the operation time limit.
Table 3-3 Examples of the operation time limit
Index

Date

Week

Time

Period

Exampl
e1

2006-08-01 to
2007-08-01

Monday to
Friday

8:00:00 to
18:00:00

From 8:00:00 to 18:00:00;


Monday to Friday;
2006-08-01 to 2007-08-01

Exampl
e2

Saturday and
Sunday

Saturday and Sunday

Exampl
e3

No time limit

3.1.5 Command Groups


A command group is a set of commands. The commands are categorized into command groups,
and then the command groups are assigned to users with different authorities. In this case, the
authority of the operator can be managed. One command can belong to different command
groups.
The system defines 32 command groups. Here:
3-4

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd

Issue 03 (2008-04-10)

HUAWEI GGSN9811 Gateway GPRS Support Node


Operation Guide

3 Managing the Authority of the GGSN9811

G_0 to G_10: default command groups. The command in the command group cannot be
added or deleted.

G_11 to G_31: customized command groups

Table 3-4 lists the command groups.


Table 3-4 Description of command groups
Command Group

Authority

Description

G_0

Guest group

G_1

Alarm management

G_2

Performance query

G_3

Performance management

Predefined MML
command groups.
The commands in the
group cannot be
modified; however,
they can be queried.

G_4

Trace query

G_5

Trace management

G_6

Configuration query

G_7

Configuration management

G_8

Device query

G_9

System group

G_10

Alarm query

G_11 to G_31

User-difined command groups

The commands in
these groups can be
queried and
modified.

3.2 Managing Operators of the GGSN9811


The operator's account can be managed only by the admin user, administrator, and custom user
with relevant authority.
3.2.1 Adding the Account of an Operator
This part describes how to add the account of an operator and how to set the password, definition,
command groups (only for custom user), and operation time limit.
3.2.2 Querying the Information of an Operator
This part describes how to query the information of a specified operator or all operators.
3.2.3 Modifying the Information of an Operator
This part describes how to modify the information of an operator, including the description,
password, definition, authority, and operation time limit. All the information rather than the
password takes effect after being modified.
3.2.4 Deleting the Account of an Operator
Issue 03 (2008-04-10)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd

3-5

3 Managing the Authority of the GGSN9811

HUAWEI GGSN9811 Gateway GPRS Support Node


Operation Guide

This part describes how to delete the account of an operator. The admin account cannot be
deleted.
3.2.5 Disconnecting the LMT Client
This part describes how to disconnect the local maintenance terminal (LMT) client. The LMT
client refers to the LMT programs, including the operation & maintenance system, trace viewer,
alarm system.
3.2.6 Setting the Locking/Unlocking Function
This part describes how to lock and unlock the local accounts excluding the admin account.
3.2.7 Querying Locking/Unlocking Status
This part describes how to query the status of local non-default accounts.
3.2.8 Unlocking User Accounts Manually
This part describes how to manually unlock the local user accounts.

3.2.1 Adding the Account of an Operator


This part describes how to add the account of an operator and how to set the password, definition,
command groups (only for custom user), and operation time limit.

Prerequisite
l

The local maintenance terminal (LMT) is started.

The user logs in to the GGSN9811 as an operator with the operation authority.

Context
This operation is valid only for local users.
NOTE

The operator's account can be added only by the admin, administrator, and custom operator with relevant
authority.

You can add the user name of an operator in the following ways.

Procedure
l

Through the menu


1.

3-6

Choose Authority > Account > Add... on the LMT. The Operator Management
dialog box is displayed. Refer to Figure 3-1.

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd

Issue 03 (2008-04-10)

HUAWEI GGSN9811 Gateway GPRS Support Node


Operation Guide

3 Managing the Authority of the GGSN9811

Figure 3-1 Operator Management dialog box

2.

Enter the user name and password and set the definition in the dialog box. If
Custom is selected, specify the command groups to set Authority Limit.

3.

Set the operation time limit according to the actual needs.

4.

Click OK. If the adding succeeds, a Confirm prompt is displayed, asking you whether
to add more?

5.

Click Yes to add the account of the operator. Click No to cancel the addition.

Through the MML command


1.

Run ADD OP to add the account of the operator.

WARNING
The account to be added must be different from the existing ones.
----End

3.2.2 Querying the Information of an Operator


This part describes how to query the information of a specified operator or all operators.

Prerequisite
l

Issue 03 (2008-04-10)

The local maintenance terminal (LMT) is started.


Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd

3-7

3 Managing the Authority of the GGSN9811


l

HUAWEI GGSN9811 Gateway GPRS Support Node


Operation Guide

The user logs in to the GGSN9811 as an operator with the operation authority.

Context
This operation is valid only for local users.
l

If the account of the operator is not specified, the system displays the names and status
information of all operators. In addition, the currently used IP addresses, service, and login
time of the online operators are also displayed.

If the account of the operator is specified, the system displays the name, description,
password, operation time limit, status, and command groups.

Procedure
Run LST OP to list the information of the operator.
----End

3.2.3 Modifying the Information of an Operator


This part describes how to modify the information of an operator, including the description,
password, definition, authority, and operation time limit. All the information rather than the
password takes effect after being modified.

Prerequisite
l

The local maintenance terminal (LMT) is started.

The user logs in to the GGSN9811 as an operator with the operation authority.

Context
This operation is valid only for local users.
NOTE

The operator's account can be modified only by the admin user, administrator, and custom user with relevant
authority.

You can modify the information of an operator in the following ways.

Procedure
l

Through the menu


1.

Choose Authority > Account > Modify... on the LMT.


The Modify Operator dialog box is displayed. Refer to Figure 3-2.

3-8

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd

Issue 03 (2008-04-10)

HUAWEI GGSN9811 Gateway GPRS Support Node


Operation Guide

3 Managing the Authority of the GGSN9811

Figure 3-2 Modify Operator dialog box

2.

Select the account of an operator, and click Modify.


The Operator Management dialog box is displayed. The dialog box displays the
information of the operator to be modified. Refer to Figure 3-3.

Figure 3-3 Operator Management dialog box

3.

Issue 03 (2008-04-10)

Modify the information of the operator, and then click OK. The Modification
succeeded. prompt is displayed.
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd

3-9

3 Managing the Authority of the GGSN9811

4.
l

HUAWEI GGSN9811 Gateway GPRS Support Node


Operation Guide

Click OK.

Through the MML command


1.

Run MOD OP to modify the information of the operator.

----End

3.2.4 Deleting the Account of an Operator


This part describes how to delete the account of an operator. The admin account cannot be
deleted.

Prerequisite
l

The local maintenance terminal (LMT) is started.

The user logs in to the GGSN9811 as an operator with the operation authority.

Context
This operation is valid only for local users. The admin account cannot be deleted.
NOTE

The operator's account can be deleted only by the admin user, administrator, and custom user with relevant
authority.

You can delete the account of an operator in the following ways.

Procedure
l

Through the menu


1.

Choose Authority > Account > Delete... on the LMT. The Delete Operator dialog
box is displayed. Refer to Figure 3-4.
Figure 3-4 Delete Operator dialog box

2.

3-10

Select the account of an operator to be deleted, and then click Delete. The
Confirmation prompt is displayed.
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd

Issue 03 (2008-04-10)

HUAWEI GGSN9811 Gateway GPRS Support Node


Operation Guide

3 Managing the Authority of the GGSN9811

3.

Click Yes to delete the account. The Delete Operator dialog box is displayed.

4.

Repeat Step 2 if you need to delete other accounts. Otherwise, click Close.

Through the MML command


1.

Run RMV OP to delete the account of the operator.

----End

3.2.5 Disconnecting the LMT Client


This part describes how to disconnect the local maintenance terminal (LMT) client. The LMT
client refers to the LMT programs, including the operation & maintenance system, trace viewer,
alarm system.

Prerequisite
l

The LMT is started.

The user logs in to the GGSN9811 as an operator with the operation authority.

Context
NOTE

Running this command can disconnect the specified network element (NE) from the LMT client. Thus,
run this command with caution.

Procedure
Step 1 Run DSP LNK to display the information of the current client.
Step 2 Run RMV LNK to disconnect the client.
----End

3.2.6 Setting the Locking/Unlocking Function


This part describes how to lock and unlock the local accounts excluding the admin account.

Prerequisite
l

The local maintenance terminal (LMT) is started.

The admin logs in to the GGSN9811.

Context
Lock or unlock the local non-default accounts. The administrator can lock all the local nondefault accounts, and then disable the function of managing the local users.

CAUTION
The local non-default accounts can be locked or unlocked only by the admin user.
If a non-default account is locked, the locked user cannot log in to the network element (NE)
through the LMT.

Issue 03 (2008-04-10)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd

3-11

3 Managing the Authority of the GGSN9811

HUAWEI GGSN9811 Gateway GPRS Support Node


Operation Guide

Procedure
Run SET OPLOCK to lock or unlock the local non-default accounts.
----End

3.2.7 Querying Locking/Unlocking Status


This part describes how to query the status of local non-default accounts.

Prerequisite
l

The local maintenance terminal (LMT) is started.

The user logs in to the GGSN9811.

Context
All users can query the status of all local accounts rather than the admin user.

Procedure
Run LST OPLOCK to query the locking or unlocking status of local non-default accounts.
----End

3.2.8 Unlocking User Accounts Manually


This part describes how to manually unlock the local user accounts.

Prerequisite
l

The local maintenance terminal (LMT) is started.

The administrator logs in to the GGSN9811.

Context
Running ULK USR can unlock only the account of the user who enters the wrong passwords
continually. That is, some local non-default accounts cannot be unlocked by using ULK USR.
The times of entering the wrong password are cleared when you unlock the user that is not locked
by using ULK USR.
NOTE

The local accounts can be unlocked only by the administrator.

Procedure
Run ULK USR to unlock the local user accounts.
----End

3-12

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd

Issue 03 (2008-04-10)

HUAWEI GGSN9811 Gateway GPRS Support Node


Operation Guide

3 Managing the Authority of the GGSN9811

3.3 Managing Command Groups


The command groups can be managed only by the admin user, administrator, and custom user
with relevant authority.
3.3.1 Querying Information of Command Groups
The system provides 32 command groups ranging from G_0 to G_31.
3.3.2 Setting the Name of a Command Group
The names of default command groups G_0 to G_10 cannot be modified. The command groups
G_11 to G_31 are customized, and thus you can modify the names of these command groups.
3.3.3 Modifying Commands in Command Groups
The command groups G_0 to G_10 are default, and thus the commands in these command groups
cannot be added or deleted. The command groups G_11 to G_31 are customized, and thus you
can modify the commands in these command groups.

3.3.1 Querying Information of Command Groups


The system provides 32 command groups ranging from G_0 to G_31.

Prerequisite
l

The local maintenance terminal (LMT) is started.

The user logs in to the GGSN9811 as an operator with the operation authority.

Context
This operation is valid only for local users.
NOTE

The operator's account can be added only by the admin, administrator, and custom operator with relevant
authority.

Procedure
Run LST CCG to list the commands in the command group.
----End

3.3.2 Setting the Name of a Command Group


The names of default command groups G_0 to G_10 cannot be modified. The command groups
G_11 to G_31 are customized, and thus you can modify the names of these command groups.

Prerequisite
l

The local maintenance terminal (LMT) is started.

The user logs in to the GGSN9811 as an operator with the operation authority.

Context
This operation is valid only for local users.
Issue 03 (2008-04-10)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd

3-13

3 Managing the Authority of the GGSN9811

HUAWEI GGSN9811 Gateway GPRS Support Node


Operation Guide

NOTE

The operator's account can be added only by the admin, administrator, and custom operator with relevant
authority.

You can set the names of the command groups in the following ways.

Procedure
l

Through the menu


1.

Choose Authority > Command Group > Set Command Group Name... on the
LMT. The Set Command Group Name dialog box is displayed. Refer to Figure
3-5.
Figure 3-5 Set Command Group Name dialog box

2.

Select a command group in Command Group and enter a name of a command group
in Command Group Name.

3.

Click Set. If the operation succeeds, the Operation succeeded. prompt is


displayed.

4.

Click OK. Then, the Set Command Group Name dialog box disappears.

Through the MML command


1.

Run LST CCGN to list the name of the command group.


NOTE

You can run LST CCGN to list the names of command groups G_0 to G_31 or those of
specified command groups.

2.

Run SET CCGN to set the name of the command group.

----End

3.3.3 Modifying Commands in Command Groups


The command groups G_0 to G_10 are default, and thus the commands in these command groups
cannot be added or deleted. The command groups G_11 to G_31 are customized, and thus you
can modify the commands in these command groups.

Prerequisite

3-14

The local maintenance terminal (LMT) is started.

The user logs in to the GGSN9811 as an operator with the operation authority.
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd

Issue 03 (2008-04-10)

HUAWEI GGSN9811 Gateway GPRS Support Node


Operation Guide

3 Managing the Authority of the GGSN9811

Context
This operation is valid only for local users.
NOTE

The operator's account can be added only by the admin, administrator, and custom operator with relevant
authority.

You can modify the commands in the command groups in the following ways.

Procedure
l

Through the menu


1.

Choose Authority > Command Group > Modify Command Group... on the LMT.
The Modify Command Group dialog box is displayed. Refer to Figure 3-6.
Figure 3-6 Modify Command Group dialog box

2.

Select a command group among G_11 to G_31, such as G_11.

3.

Select the commands to be added to the command group or deselect the commands
to be deleted in the check box. Set the name of the command group according to the
actual needs.

4.

Click OK. Then, the Modify Command Group dialog box disappears.

Through the MML command


1.

Run LST CCG to list the commands in the command group.

2.

Run ADD CCG to add a command to the command group.

3.

Run RMV CCG to remove a command from the command group.

----End

3.4 Managing User Passwords


This part describes how to manage the passwords by setting and querying the password policy
or modifying the password.
3.4.1 Setting the Password Policy
Issue 03 (2008-04-10)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd

3-15

3 Managing the Authority of the GGSN9811

HUAWEI GGSN9811 Gateway GPRS Support Node


Operation Guide

The administrator can set the minimum length of the password, password complexity, maximum
times for allowing wrong passwords, and automatic unlocking period.
3.4.2 Querying the Password Policy
This part describes how to query the password policy that the user must comply with for login.
3.4.3 Changing the Password
This part describes how to change the password. All the operators can modify their own
passwords.

3.4.1 Setting the Password Policy


The administrator can set the minimum length of the password, password complexity, maximum
times for allowing wrong passwords, and automatic unlocking period.

Prerequisite
l

The local maintenance terminal (LMT) is started.

The user logs in to the GGSN9811 as an operator with the operation authority.

Context
You can set the password policy in two ways.

Procedure
l

Through the menu


1.

Choose Authority > Password Policy Setting... on the LMT. The Password Policy
Setting dialog box is displayed. Refer to Figure 3-7.
Figure 3-7 Password Policy Setting dialog box

3-16

2.

Set the minimum length of the password. The value ranges from 6 to 32.

3.

Select the characters for password complexity, including lowercase letters, uppercase
letters, digits, and special characters.

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd

Issue 03 (2008-04-10)

HUAWEI GGSN9811 Gateway GPRS Support Node


Operation Guide

3 Managing the Authority of the GGSN9811

NOTE

The special characters include the following: ~, !, @, #, $, %, ^, &, *, (, ), _, +, -, {, }, |, [, ],


\, :, <, >, ?, ., /, and space.
The following characters are prohibited: ,, ;, =, ", and '.
The following combinations are prohibited:

4.
l

Two or more %

Two or more Space

Start identifiers of MML packets +++

End identifiers of MML packets ---

Click OK. Then, the Password Policy Setting dialog box disappears.

Through the MML command


1.

Run SET PWDPOLICY to set the password policy for local users.

----End

3.4.2 Querying the Password Policy


This part describes how to query the password policy that the user must comply with for login.

Prerequisite
l

The local maintenance terminal (LMT) is started.

The user logs in to the GGSN9811 as an operator with the operation authority.

Context
For details on the password policy, see 3.4.1 Setting the Password Policy.

Procedure
Run LST PWDPOLICY to query the password policy.
----End

3.4.3 Changing the Password


This part describes how to change the password. All the operators can modify their own
passwords.

Prerequisite
l

The local maintenance terminal (LMT) is started.

The user logs in to the GGSN9811.

Issue 03 (2008-04-10)

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd

3-17

3 Managing the Authority of the GGSN9811

HUAWEI GGSN9811 Gateway GPRS Support Node


Operation Guide

Context

CAUTION
The admin user must be cautious when changing the password. The admin user cannot log in to
the LMT if the password is forgotten. The only way to log in to the LMT if the password is
forgotten is to re-install the LMT.

Procedure
Step 1 Choose Authority > Change Password... on the LMT. The Change Password dialog box is
displayed. Refer to Figure 3-8.
Figure 3-8 Change Password dialog box

Step 2 Enter the old password for authentication, and then enter a new password to confirm.
Step 3 Click OK. Then, the Change Password dialog box disappears.
----End

3-18

Huawei Proprietary and Confidential


Copyright Huawei Technologies Co., Ltd

Issue 03 (2008-04-10)