The User Administration window is used by the NorthStar Planner admin to create and manage accounts for accessing the software and Web Portal.
Accessing the User Administration Window
To access the User Administration window, you must log in to the client with the user account used to install the server. Other users will not see the User Administration window.
There are three types of users:
Full Access users, who can log in to the client and optionally the web, and who are mapped to a Unix user. Any Full Access user created through the User Administration window must map to an existing Unix user on the NorthStar Planner server. The login name used to log in to NorthStar Planner should be the same as the Unix user name. The corresponding password is the same as the password for the corresponding Unix user account. The only exception is the “admin” user, which is mapped to the Unix account of the user that installed the application. Authentication is done through an LDAP server that is installed on the same server machine as NorthStar Planner.
Web Portal users who are restricted to the web only.
Web VPN users who are restricted to the web VPN view. These users can be assigned access to view only certain VPN customers.
Creating User Groups and Permissions
An admin user can create any number of NorthStar Planner user groups and assign to each of these groups a custom set of permissions. Select the group type and enter the group name.
Once a user group has been created, you can assign permissions to that user group. Some features allow both View/Enable and Modify permissions, while others are turned completely on or off with just the View/Enable permission.
Note that enabling some features may require additional features to be enabled as well, because certain features depend on other features being enabled before they can be accessed. When you select the checkbox for such a feature, the checkbox(es) of the additional required feature(s) are automatically checked as well.
To select all View/Enable or Modify items within a category, check the corresponding checkbox in the gray row indicating a category. Click the gray checkbox again to deselect all items under that category. Individual items within a category can also be turned on and off.
Changes made to a user group’s permission checkboxes are saved when clicking “Apply” or “OK.”
For the live network view, Full Access and Web Portal users can be restricted to being able to directly access the routers only for particular region(s). For devices outside of the permitted regions, which are grouped into the OUTSIDE_REGION group, view-only access is provided, and features such as ping, traceroute, show config, and hardware inventory are disabled. To limit the region(s), first define the regions in the top Regions tab. Note that you need to have run a live network task in order to define regions based on routers collected in the task.
Select the routers to add to a region from the left pane and then click Add to New Region to create a new region with these selected routers. Alternatively, click Add New Region in the right pane and then select multiple routers (using <Shift> and <Ctrl> keys), and drag them from the left pane to the right pane. Note that you must drag them over a group name and not over a group member to add them to a group. To move a router from one group to another, select the router, and drag it to another group. To remove the router from the group, drag it outside of the right pane. Click Apply to save your changes.
Setting Regional Permissions
Once the region has been added, select the User Groups tab, and at the bottom of the right pane select the Regions tab. Here, you can limit the permissions for accessing the router live by unchecking the All Regions checkbox and then checking the corresponding region(s) to which the user can have access.
Creating Users / Assigning Users to Groups
Once user groups have been set up with the desired permissions, you can create users and assign them to user groups. To create a user, click the Add User icon button at the bottom of the Users tab of the User Administration window.
Type a login name next to Name. Next, choose the radio button for the appropriate group type (Full Access, Web Portal, or Web VPN). Then select one of the available groups for that group type.
For Full Access users, choose a valid Unix User ID to map the new NorthStar Planner user to. This should be the same as the login name. (Note: To add a new user ID, you must access the server via a telnet or ssh window, switch to the root user, and either run “admintool” (requires display of the desktop) or use the “useradd” command (for example, “useradd -g staff -d /export/home/wandl wandl” would add user wandl in group staff with home directory /export/home/wandl). Subsequently, you may create a password for that user using the command “passwd userid”, substituting userid with the Unix User ID. Note that you can similarly modify or delete a Unix user ID as root user using the commands “usermod” and “userdel”.)
For Web Portal and Web VPN users, enter a password to log in to the web interface.
Optionally specify additional contact information such as Email, Phone, IM, and a Description for this new user.
Max Logins can be configured to control the maximum number of times a specific user can be logged into the NorthStar Planner server.
Access level (Full Control, Browsing, Restricted, or Blocked) can be configured to further control the access level of a user.
Full Control Access: The Full Control user can modify the network model in NorthStar Planner and perform design and simulation on it.
Browsing Access: The Browsing user can only open a network model in NorthStar Planner for viewing, but is not allowed to perform any modification, design, or simulation on the network model.
Restricted Access: The Restricted user has Browsing privileges, but with even stricter limitations to view only certain networks, files and directories: Once logged in, the Restricted user can only navigate to the Home Directory and its child directories. Only spec.* and newdemand.* network files are displayed in the File Manager. The user cannot access "Hidden" files. All Report Manager reports are read-only, and are not regenerated before displaying in the Report Manager. Certain menus are disabled.
Block Access: The user is blocked from opening a network model in NorthStar Planner. The length of time a user is blocked from accessing the system is defined by the Block Period in the Update GUI Login Policy section.
Once a NorthStar Planner user name has been added, that user name will also appear in the User Groups tab of the User Administration window under the group to which it belongs. To modify an existing user, select the user in the Users tab, and click the Modify Icon button at the bottom of the window. To delete an existing user, select the user and click the Delete Icon button.
If the user name has been mapped to a valid Unix User ID, the new user should be able to log in to the NorthStar Planner client and interface, when assigned the appropriate privileges, using the user name and the corresponding password for this Unix User ID.
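A pre-flight check for the Full Access mapping requirement described above, as an added example that is not part of the original documentation or the product: it confirms that each planned login name matches an existing Unix account exactly before the user is created in the User Administration window. The function names, the PASSWD_SOURCE override, and the sample accounts are assumptions made for this example, and flagging a UID 0 mapping for review is an added policy choice, not a product rule.

```shell
#!/bin/sh
# Added example: check planned Full Access login names against Unix accounts.
# PASSWD_SOURCE is a hypothetical override (a passwd-format file) for offline
# runs; when it is unset, accounts are read with `getent passwd`.

account_db() {
    if [ -n "${PASSWD_SOURCE:-}" ]; then cat "$PASSWD_SOURCE"; else getent passwd; fi
}

# classify_login NAME prints: ok | missing | case-mismatch | privileged | invalid-name
classify_login() {
    case $1 in
        ''|*[!A-Za-z0-9._-]*) echo invalid-name; return 0 ;;
    esac
    account_db | awk -F: -v want="$1" '
        $1 == want                   { uid = $3; exact = 1 }
        tolower($1) == tolower(want) { similar = 1 }
        END {
            if (exact && uid == 0) print "privileged"    # maps to a UID 0 account
            else if (exact)        print "ok"
            else if (similar)      print "case-mismatch" # Unix names are case-sensitive
            else                   print "missing"       # create it with useradd first
        }'
}

# audit_logins NAME... prints "name status" per name; returns 1 if any is not ok.
audit_logins() {
    rc=0
    for login in "$@"; do
        result=$(classify_login "$login")
        printf '%s %s\n' "$login" "$result"
        [ "$result" = ok ] || rc=1
    done
    return $rc
}

# Constructed sample account data (not from a real server).
PASSWD_SOURCE=$(mktemp)
trap 'rm -f "$PASSWD_SOURCE"' EXIT
cat > "$PASSWD_SOURCE" <<'EOF'
root:x:0:0:Super-User:/root:/sbin/sh
wandl:x:1001:10:NorthStar Planner install user:/export/home/wandl:/bin/sh
jdoe:x:1002:10:Planner operator:/export/home/jdoe:/bin/sh
EOF

audit_logins wandl Wandl jsmith root || echo "resolve the entries above first"
```

To check the live server instead of the sample, drop the sample-data lines so that PASSWD_SOURCE stays unset and the accounts come from getent.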