Create User Profiles and Assign Privileges

To provide controlled access to the System Admin configurations on the Cisco NCS 4016 system, user profiles are created with assigned security levels. The security levels are specified based on the operations that user is expected to perform. Users are authenticated using username and password. Authenticated users are entitled to perform operations based on their assigned security levels.

The workflow for creating user profile is represented in this flow chart:
Figure 1. Workflow for creating user profiles


The topics covered in this chapter are:

Create a New User

To enable access to the node for multiple users, create new users and assign security levels. The user with username root can be used to set up other users.

Before you begin

Login to Cisco Transport Controller (CTC). You must log in as a Superuser to create additional users.

Procedure

Step 1

Log into the node where you need to create users.

Step 2

In node view, click the Provisioning > Security > Users tab.

Step 3

In the Users window, click Create.

Step 4

In the Create User dialog box, enter the following:

  1. Name: Type the user name. The name must be a minimum of two and a maximum of 20 alphanumeric (a-z, A-Z, 0-9) characters.

  2. Password: Type the user password.

    Note

     
    • The password length, by default, is set to a minimum of six and a maximum of 20 characters.
    • You can configure the default values in node view using the Provisioning > NE Defaults > Node > security > passwordComplexity tabs. The minimum length can be set to two, four, eight, ten or twelve characters, and the maximum length to 80 characters.
    • The password must be a combination of alphanumeric (a-z, A-Z, 0-9) and special (+, #,%) characters, where at least two characters are not alphabetic and at least one character is a special character; or the password can contain any character.
    • The password must not contain the user name.

  3. Confirm Password: Type the password again to confirm it.

  4. Security Level: Choose a security level for the user - RETRIEVE, MAINTENANCE, PROVISIONING, or SUPERUSER.

    Each security level has a different idle time. The idle time is the length of time that CTC can remain idle before the password must be reentered. The defaults are: Retrieve user = unlimited, Maintenance user = 60 minutes, Provisioning user = 30 minutes, and Superuser = 15 minutes.

  5. Click OK.

Step 5

To create new user on multiple nodes:

Note

 
All nodes where you want to add users must be accessible in network view.

  1. Go to the Network View, and click Provisioning > Security > Users.

  2. Follow steps 3 and 4.

  3. In the Select Applicable Nodes area, deselect any nodes where you do not want to add the user (all network nodes are selected by default).

  4. In the User Creation Results dialog box, verify that the user was added to all the nodes chosen in Step 5c. If not, click OK and repeat steps 2 to 6.

Step 6

Click OK.

The user is created on the node.

What to do next

If you want to modify the user settings, you can change the settings.

Modify User Settings and Security Levels

You can change the user settings of an existing user at one node or at multiple nodes. The modifications that you make will only be applicable when the user logs out and logs back into Cisco Transport Controller (CTC).

Before you begin

Login to CTC. You must log in as a Superuser to modify user privileges.

Procedure

Step 1

To change user setting on a single node:

  1. In node view, click the Provisioning > Security > Users tab.

  2. Click the user whose settings you want to modify, and click Edit.

  3. In the Change User dialog box, you can:

    • Change a user password
    • Modify the user security level

  4. Click OK.

Step 2

To change user settings on multiple nodes:

  1. From the View menu, choose Go to Network View.

  2. Click the Provisioning > Security > Users tab. Verify that you can access all the nodes where you want to change the user settings.

  3. Click the user whose settings you want to modify, and click Change.

  4. Change the settings.

  5. In the Select Applicable Nodes area, uncheck any nodes where you do not want to change the user settings. All network nodes are selected by default.

    Note

     
    The Select Applicable Nodes area does not appear for users who are provisioned for only one node.

  6. Click OK.

The user settings on the node is changed.

What to do next

If you want to delete a user from a single node or multiple nodes, you can delete the user.

Delete a User

You can delete a user at one node or at multiple nodes. The modifications that you make will only be applicable when the user logs out and logs back into Cisco Transport Controller (CTC). You cannot delete a user who is currently logged in.

Note
CTC will allow you to delete a user with superusers security level only if another superuser is present. For example, you can delete the superuser with user name root, if you have created another superuser. Use this option with caution.

Before you begin

Login to CTC. You must log in as a Superuser to delete users.

Procedure

Step 1

To delete a user from single node:

  1. In node view, click the Provisioning > Security > Users tab.

  2. Click the user you want to delete, and click Delete.

  3. In the Delete User dialog box, verify that the user name displayed is the one that you want to delete.

  4. Click Logout before delete if the user is currently logged in.

  5. Click OK.

Step 2

To change user settings on multiple nodes:

  1. From the View menu, choose Go to Network View.

  2. Click the Provisioning > Security tab.

  3. Select the name of the user you want to delete, and click Delete.

  4. In the Select Applicable Nodes area, uncheck any nodes where you do not want to delete the user settings.

    Note

     
    The Select Applicable Nodes area does not appear for users who are provisioned for only one node.

  5. Click OK.

The selected user is deleted from the node.

Recover Password using PXE Boot

If you are unable to login or lost your XR and System administration passwords, use the following steps to create new password. A lost password cannot be recovered, instead a new username and password must be created with a non-graceful PXE boot.

Procedure

Reset the password.