The User Authorization window can only be accessed by Administrative users. To access this window with Router Services Manager's Authorization feature disabled, you must log on to Router Services Manager as a user with Administrative privileges on your system. For Solaris, this means logging on as root. For Windows systems, you must log on as a user with Administrative privileges. (Refer to the user documentation for your system to learn more about Administrative privileges)
When Authorization is enabled, you must be an Administrative user in the Router Services Manager database to open the User Authorization window.
Three authorization levels can be defined. The following restrictions apply to these access levels:
| |
CAUTION: |
You should disable the Guest account when running Router Services Manager on a WindowsTM 2000 host system. Windows 2000 allows a user without an account on the machine to login using the Guest account. This is a potential security problem.
|
- Administrator
- No Restrictions - Administrator access is required to launch the User Authorization window and add remove or edit user profiles.
- Read Write
- Cannot launch the User Authorization window, and therefore cannot view or change user profiles. All other operations and functions are permitted.
- Read Only
- The following restrictions apply:
- Cannot perform a Save or Save As
- Cannot Enforce ACLs
- Can launch the Pre-Defined Well-Knowns window and change well-known IDs, but cannot permanently change/save well known IDs.
- Cannot change selections in the Startup and Enforce tabs in the Options window
- Cannot display passwords as clear text or change the Show Passwords as Clear Text setting in the Display tab in the Options window
- Can create a device, but cannot Save or Save As, so the devices are not persistent
- Can create Nicknames for devices, but a Read Only user cannot Save or Save As, so the Nicknames are not saved
- Cannot Save Active to Startup
- Cannot launch the User Authorization window
- Can launch template windows, but cannot change template settings
- Device Access credentials (Community Name, Telnet Login, and Enable Mode) are always hidden from Read Only users
- Can create a device, either through the Create Device window or by Importing a Device List, but the Use Syslog for ACL logging setting in the Options tab for these functions will not alter the current Syslog setting in the device. And, since Read Only users cannot Save or Save As, the device information cannot be saved.
Instructions on:
To enable Authorization you must authenticate (log on) to Router Services Manager at startup as a user with Administrative privileges for your system. When newly installed, Router Services Manager will remind you of the requirement to add a user with Administrative privileges in the Router Services Manager database. If you do not specify a user with Administrative privileges in Router Services Manager, Authorization will be disabled and all users logging on to Router Services Manager will be granted Read Write access.
- Launch Router Services Manager and log on as the user with Administrative privileges (root on UNIX systems) on the system (refer to your system documentation to learn more about administrative users).
- Enter your User ID, Domain Password and, on a Windows platform, select a domain from the Domain list in the Authentication window.
- Click OK. The Router Services Manager Main window opens.
- Open the User Authorization window:
- If you've launched Router Services Manager as an Administrative user and User Authorization is currently disabled (as when newly installed), a message asks if you want to enable Authorization. Click Yes to open the User Authorization window,
or
- Pull down the Tools menu and select User Authorization. The User Authorization window opens.
- Add yourself as an Administrative user:
- Enter your User ID into the Username field.
- Select Administrator from the Access drop-down list.
- Click Apply. The user information is added to the Authorized Users table.
Authorization is now enabled. To allow other users to access Router Services Manager, you must now add users and define their access level.
If Authorization is enabled and you are logged on as an administrative user, you can add users to the Router Services Manager database and specify their level of access to Router Services Manager features.
- Pull down the Tools menu and select User Authorization. The User Authorization window opens.
- Enter the username into the Username field. This user must be a valid user on the system where you are running Router Services Manager. The user name can be any character string.
- Select an access level from the Access drop-down list.
- Click Apply. The user information is added to the Authorized Users table.
If Authorization is enabled and you are logged on as an administrative user, you can remove users to the Router Services Manager database, thereby denying access to Router Services Manager features.
- Pull down the Tools menu and select User Authorization. The User Authorization window opens.
- Select the user being removed from the Authorized User table.
- Click Remove. The user is no longer permitted access to Router Services Manager.
If Authorization is enabled and you are logged on as an administrative user, you can adjust the access level of users, thereby restricting their access to certain Router Services Manager features.
- Pull down the Tools menu and select User Authorization. The User Authorization window opens.
- Select the user being modified from the Authorized User table.
- Select an access level from the Access drop-down list.
- Click Apply. The user information is changed in the Authorized Users table.
If Authorization is enabled and you are logged on as an administrative user, you can disable User Authorization. With Authorization disabled, all users logging on to Router Services Manager are granted Read Write access.
- Pull down the Tools menu and select User Authorization. The User Authorization window opens.
- One-by-one, select all the users from the Users table, including the Administrative user and click Remove to remove every user from the table.
- Click Apply. The Administrative user information is removed from the Users table and Authorization is now disabled. Now, all users that can log on to Router Services Manager will be granted Read Write access.
Related Information
For information on related windows:
For information on related tasks: