Nokia Network Voyager for IPSO 4.0 Reference Guide 293 Control who can log in through SSH.For most other functions that are generally associated with groups, use the role-basedadministration feature, described in “Role-Based Administration” on page 293.To add or edit a group1. Click Groups under Configuration > Security and Access Configuration in the tree view..2. Under Add Group Name, enter the name (eight or fewer characters) of the new group and agroup ID number.The group ID must be unique. Suggested values are between 101 and 65000. Range: 0-65535. Nokia recommends that you reserve 0 to 100 for system use, although this is notenforced. Numbers 0 and 10 are reserved for the predefined Wheel and Other groupsrespectively. GIDs 65533 & 65534 are also reserved.3. Click Apply.The new group information appears on the page.4. To add a new member to a group, enter the user name in the Add new member text box andclick Apply.5. To delete a member from the group, select the user name from the Delete member text boxand click Apply.6. Click Save to make your changes permanent.Role-Based AdministrationWhen you add a new user, the user is given read-only privileges to the Nokia Network Voyagerhome page and CLI prompt but cannot access other Network Voyager pages or executecommands from the CLI prompt. You must assign roles to the user to provide additional accessprivileges.Role-based administration (RBA) allows IPSO administrators to create and use separate roles.With RBA, an administrator can allow users to access specific features by including the featuresin a role and assigning the role to users. Each role can include a combination of administrative(read/write) access to some features, monitoring (read-only) access to other features, and noaccess to still other features. This feature also provides improved auditing capabilities.To assign a set of access permissions to a user, create a role that specifies levels of access tofeatures you want to include, then assign this role to the relevant user. You can also specifywhich access mechanisms (Network Voyager or the CLI) are available to the user when youassign a role to the user.If your system is part of a cluster, you can create and assign roles that provide access to the entirecluster for the associated features. See “Creating Cluster Administrator Users” for detailedinformation about this type of user.
