Login
- Table of Contents
-
- H3C Unified Platform Configuration Examples-E07xx-5W107
- 01-Unified Platform Operator Permission Management Configuration Examples
- 02-Unified Platform Dashboard Configuration Examples
- 03-Unified Platform Trap Filter Rule Configuration Examples
- 04-Unified Platform Trap-to-Alarm Rule Configuration Examples
- 05-Unified Platform Alarm Forwarding via SMS Configuration Examples
- 06-Unified Platform Alarm Aggregation Configuration Examples
- 07-Unified Platform Component License Registration and Expansion Configuration Examples
- 08-Unified Platform Alarm Forwarding via Mail Configuration Examples
- 09-Unified Platform Two-Factor Authentication Configuration Examples
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 01-Unified Platform Operator Permission Management Configuration Examples | 1.64 MB |
Unified Platform Operator Permission Management
Configuration Examples
Document version: 5W107-20250326
Software version: E0715
Copyright © 2025 New H3C Technologies Co., Ltd. All rights reserved.
No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of New H3C Technologies Co., Ltd.
Except for the trademarks of New H3C Technologies Co., Ltd., any trademarks that may be mentioned in this document are the property of their respective owners.
The information in this document is subject to change without notice.
Contents
Example: Configuring operator permissions in Unified Platform
Configuring operation permissions
Configuring resource permissions
Assigning permissions to resource groups
Configure operator permissions
Verifying the operation permissions configuration
Verifying the resource permissions configuration
Introduction
Operators manage and maintain the Unified Platform and its service components. This system uses role-based access control as follows:
· Operation permission control: Controls the operation permissions of operators within an organization by allocating permissions to a role, assigning the role to the organization, and adding operators to the organization.
· Resource permission control—Controls the resource permissions of operators within an organization using the following method: Based on user requirements, add resources to a resource group, and allocate operation permissions for the resources in the group. Add these operation permissions to a role (this role must have related operation permissions for the resource group). Assign the role to an organization and add operators to the organization.
Figure 1 Permission control
Usage guidelines
Application scenarios
This document primarily explains how to configure operation permissions and resource permissions for operators in Unified Platform.
Prerequisites
Example: Configuring operator permissions in Unified Platform
A system administrator at a company wants to add a maintainer that has the following operation and resource permissions:
· Permissions to manage reports and alarms.
· Permissions to manage a resource group (Region_A Resources in this example).
This example uses Unified Platform E0715 to illustrate the configuration process.
Configuring operation permissions
Adding a role
This system uses role-based access control. You can customize role information as needed and allocate permissions to roles.
1. On the top navigation bar, click System. From the left navigation pane, select Role Management > Roles.
2. Click Add. The page for adding a role opens in the right pane.
¡ Quick mode: Create a role by selecting the operations, resources, and resource groups that require permission control.
¡ Classic mode: Create a role by selecting existing permissions.
¡ Operation group mode: Create a role by selecting existing operation groups and the resources and resource groups that require permission control.
This example describes the role configuration in quick mode and operation group mode.
Quick mode
1. Click Quick in the Mode field.
2. Configure basic information:
¡ Role Name—Name of the role.
¡ Description—Description information for the role.
¡ Permissions—Select alarm and report-related operation permissions. Click All to select all permissions for Report or Alarm Manage.
Figure 4 Configuring role information
¡ Selecting scope
- Select accessible resources for the specified permissions. You can select all resources or specific resources.
- If you select specific resources, the permission does not have access to non-selected resources (including viewing, editing, and deleting these resources).
- The scope only applies to resource types that have specific instances. If a selected resource does not have the corresponding permissions selected, the permissions will not take effect.
In this example, click Select and then click Select Resources. In the window that opens, select resources as needed.
Figure 5 Selecting resources
3. Click OK.
Operation group mode
1. Click Operation Group in the Mode field.
Figure 6 Operation group mode
2. Configure basic information:
¡ Role Name—Name of the role. In this example, specify the role name as Opgourp1.
¡ Description—Description information for the role.
3. Operation Group—Click Add to open the operation group selection page. Select the operation groups related to the role. Click OK.
Figure 7 Selecting operation groups
4. Select All for the scope, and then click OK.
Adding a role group
You can assign roles that have the same attributes to a group for easy management. To control access permissions for operators in a role group, you can configure permissions and roles in the role group.
1. On the top navigation bar, click System. From the left navigation pane, select Role Management > Role Groups.
2. Click Add in the left pane of the page. The page for adding a role group opens in the right pane.
Figure 9 Adding a role group
3. Configure basic information:
¡ Enter a name for the role group.
¡ Use the default values for other parameters.
4. In the Operators area, click Select to open the operator list page. Select operators to add to the role group.
Figure 10 Selecting operators
5. The Permission Configuration area is for direct permission assignment. This example uses the role-based permission control, so do not configure this area.
Figure 11 Direct permission assignment
6. Role-based permission assignment: Select roles and add them to the role group. As shown in Figure 12, unfold the Roles area and then select the role1 role.
Figure 12 Role-based permission assignment
7. Click OK.
Adding an operation group
An operation group is a collection of operations. This system supports group-based permission control and allows you to allocate operations to operation groups. You can define operation groups depending on your requirements.
1. Click Add. The page for adding an operation group opens in the right pane.
Figure 13 Adding an operation group
2. Configure basic settings:
¡ Name—Name of the operation group. In this example, specify the operation group name as OPGroup1.
¡ Description—Description information for the operation group.
Figure 14 Configure basic information:
3. Permissions—Select the permissions on operations related to alarms and reports. In this example, click All for report management and alarm management.
Figure 15 Configure operation permissions
4. Click OK.
Adding an operator
An operator is the management & maintenance personnel for the system and its components. You can control the operation permissions of operators by adding operators to organizations.
1. On the top navigation bar, click System. From the left navigation pane, select Operation Management > Operators.
2. To add an operator, click Add to enter the Add Operator page.
3. Configure basic information:
¡ Operator Name—Enter the username of the operator, ZhangSan in this example.
¡ Tenant—Select the tenant to which the operator belongs. This example uses tenant System.
¡ Organization: Select the organization to which the operator belongs. This example uses organization Default.
¡ Authentication Method—Select the system login authentication method for the operator. In this example, select Simple Password Authentication, and set the login password and confirm the password.
¡ Use the default values for other parameters.
Figure 18 Operator information configuration
4. Configure operator permission settings:
¡ By Role Group—Specify permissions for the operator by role group.
¡ By Role—Specify permissions for the operator by role.
¡ By Direct Assignment—Specify permissions for the operator by directly assigning the permissions to the operator.
This example describes how to specify permissions for the operator by role.
Figure 19 Role-based permission assignment
5. Click OK.
Configuring resource permissions
Adding a resource group
This feature allows an operator to create resource groups as needed and assign resources to these groups for management.
1. On the top navigation bar, click System. From the left navigation pane, select System Settings > Resource Groups.
2. Click Add to enter the page for adding a resources group.
Figure 21 Adding a resource group
3. Configure basic information:
¡ Group Name—Name of the resource group, which is Region_A Resources in this example.
¡ Resources—Click All Available Resources. On the window that opens, select resources for this resource group. In this example, select the report templates with the IP address 127.0.0.1.
¡ Use the default values for other parameters.
Figure 22 Add a resource group
4. Click OK.
Assigning permissions to resource groups
You can configure operation permissions for resource groups and adding them to specified roles. Then, by assigning these roles to organizations, you can control access to resources for operators within those organizations.
1. On the top navigation bar, click System. From the left navigation pane, select System Settings > Resource Groups.
2. Select resource group Region_A Resource, and then click Assign Permissions to enter the permissions assignment page.
Figure 24 Assigning permissions
3. Configure the following parameters:
¡ Actions—Select the permitted operations for the resource group. In this example, select all the operations in Network Device and Resource Group.
¡ Permission Name Prefix—Configure the permission name prefix. Then, the permission name will be displayed in the format of prefix-resource type name. In this example, the prefix is Per.
¡ Permission Group—Select a permission group for the permissions. In the permission group on the permission list, you can view the permissions. In this example, select the Resource permission group.
¡ Select whether to add the permissions to a role.
- Create permissions only—If you select this option, the permissions are not added to a role. They will be displayed in the permissions list after being created.
- Add Permissions to Role: Select a role to which the permissions will be added. In the permission list for this role, you can view the permissions.
- Create a Role: Create a role with the specified role name. Then, the role is assigned the permissions. In the permission list for this role, you can view the permissions.
In this example, add the permissions to role named role1.
Figure 25 Assign permissions to resource groups
4. Click OK.
Configure operator permissions
Assign the management station administrator's operation permissions to operator yunwei.
1. On the top navigation bar, click System. From the left navigation pane, select Operation Management > Operators.
2. Click the Edit
icon 
in
the Actions column for operator ZhangSan. The page for editing the operator permissions
opens in the right pane.
3. Unfold the By Role area. You can modify the corresponding operation permissions, and then click OK.
Verifying the configuration
Verifying the operation permissions configuration
Viewing the super administrator's operation permissions
Log in to the system as the super administrator admin to view the operation permissions. You can see that admin has administrative access to all features.
Figure 27 Super administrator permissions - Monitor tab
Figure 28 Super administrator permissions - Analytics tab
Viewing the operation permissions of operator ZhangSan
Log in to the system as operator ZhangSan to view operation permissions. You can see that this operator has administrative access only to alarm and report features.
Figure 29 Operation permissions of operator ZhangSan - Alarm
Figure 30 Operation permissions of operator ZhangSan - Report
Verifying the resource permissions configuration
Viewing the resource permissions of the super administrator
1. Log in to the system as the super administrator admin.
2. On the top navigation bar, click Monitor. From the left navigation pane, select View Management > Device View. You can view all devices in the system.
Figure 31 Resource permissions of the super administrator
Viewing the resource permissions of operator ZhangSan
1. Log in to the system as operator ZhangSan.
2. On the top navigation bar, click Monitor. From the left navigation pane, select View Management > Device View. You can view only the devices in the resource group Region_A Resources.
Figure 32 Resource permissions of operator ZhangSan
