Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Understanding User Administration

    This topic describes how to administer user accounts and assign permissions (roles) for the cCPE Selfcare application.

    The cCPE Selfcare application uses the user management, authentication, and role-based permission control features of the Junos Space Network Management Platform on which it runs. Use Junos Space Network Management Platform for tasks such as adding, deleting, and editing user accounts and roles, and changing user passwords.

    Predefined Roles

    The cCPE Selfcare application provides several predefined roles you can use to administer user accounts for your cCPE customers. These predefined roles enable you to define administrative responsibilities and specify the management tasks that cCPE customer network administrators are allowed to perform in the Selfcare Web portal.

    To assign roles to other users in Junos Space Network Management Platform, you must be a super administrator or user administrator.

    Each predefined role defines a set of tasks the user is allowed to perform, except for the super administrator role, which allows a user to perform all tasks.

    Table 1 shows the predefined administrator roles and corresponding tasks an administrator has permission to perform in the cCPE Selfcare application.

    Table 1: Predefined Administrator Roles for the Cloud CPE Selfcare Application for MX Series Routers

    Role Title

    Task Group and Tasks

    Selfcare Portal Customer Administrator

    Selfcare Portal Customer MonitorOnly

    Note: Not currently supported.

    Selfcare Portal Service Provider Administrator

    Selfcare Portal Service provider Readonly

    Note: Not currently supported.

    Assigning Roles

    Service providers can log in to Junos Space Network Management Platform as a super administrator to create user accounts and assign roles (permissions) that enable their cCPE customers to access and manage their cCPE services through the Selfcare Web portal. To access and manage their cCPE services, you need to assign one or more roles to the user account, which are validated during authorization. A customer with no role assignments cannot access any workspace and is not allowed to perform any tasks. Refer to the Junos Space Network Management Platform documentation for information about user administration. See, User Administration

    Administering cCPE User Accounts

    Junos Space Network Management Platform is shipped with a super administrator privilege level as the default, which enables full access to the Junos Space system. When you first log in to Junos Space Network Management Platform as default super administrator, you can perform all tasks and access all Junos Space system resources. You can create new users and assign roles to those users that specify which system resources they can access and manage, and which tasks they are allowed to perform within the workspace.

    After you first set up Junos Space Network Management Platform, you can disable the default super administrator user ID, if necessary. However, before doing so, make sure you first create another user with super administrator privileges.

    To access and manage Junos Space Network Management Platform system resources, a user must be assigned at least one role. A role defines the tasks (create, modify, delete) that the user is allowed to perform. For information on the predefined roles for the cCPE Selfcare application, see Table 1.

    Your cCPE customers receive permission to perform tasks only through the roles that they are assigned. In most cases, a single role assignment enables a user to view and to perform tasks on the objects within the cCPE customer workspace.

    The cCPE application supports the following predefined user accounts for service providers and their cCPE customers:

    • spadmin—This predefined user account for service providers has super administrator privileges. Use this user account to create your cCPE customers, sites, and access links, as well as manage cCPE services. When you create a cCPE customer, a user account in the format: admin@customer-nameis automatically created with the Selfcare Portal Customer Administrator role. A customer who logs in to the cCPE Selfcare Web portal using this account is presented with a customer-specific view.
    • portaladmin—This predefined user account for cCPE customer network administrators has Selfcare Portal Customer Administrator privileges. Your customer network administrators can use this account to manage the names and information you initially define for their sites and access links, as well as use the Selfcare monitoring capabilities.

    To manually create cCPE customer user accounts, you must define usernames in the format: admin@customer-name; for example, admin@example.com.

    Note: The customer-name portion of the user account and the name you define for the customer VPN must match exactly. The customer name is used to associate the user with the VPN and to avoid name conflicts.

    Modified: 2015-11-04