Creating Group Security

[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]

NMC-RX 7.3.x User Guide, Vol. 1 > Configuring Security Settings > Creating Group Security
Creating Group Security

Only a user with security privileges can create groups and provide them with network group security. Users with read/write and read-only privileges can perform functions only in the groups to which a user with security privileges assigns access. All groups that a security user creates participate in this network group security feature.

The NMC-RX application does not support security at the device level. To establish security for a particular device, the user with device administration privileges can create the device as a member of a group and apply a security setting and, if needed, a security filter to the group.

NOTE: Group security cannot be enforced at the CLI, because the E-series router itself does not have a group concept.

To create a group:

From the Network Workshop, click the Juniper Networks icon in the upper-left corner of the context area.

Right-click, select Create, and click Group.

The Create Group dialog box appears.
Set the Create Group parameters (Table 34).
 Table 34:  Create Group Parameters  

 Parameter
 Description

 Group Name

 Name of the group; cannot exceed 32 alphanumeric characters and may include spaces.


 Group Parent

 Name of the parent for the new group. If the new group does not have a parent, the Group Parent text box reads None, which means the group is at the top level.


 Group Description

 Descriptive or contextual information up to 255 alphanumeric characters. The resulting description appears whenever you access its associated group. You can easily change or delete a description at any time.



 
Select a Security Setting option (Table 35).
 Table 35:  Security Settings  

 Setting
 Description

 None

 Also known as public access. This is the default. If the group is a subgroup, no filter is applied to the privilege level of the group. The group is visible to any user who is in the access list of the parent group to which this group belongs or is available systemwide.


 Permit

 Also known as private access. This group is visible to users who are in the filter list of the group, provided that the users are also in the access list of the parent group to which this group belongs. 


 Deny

 This group is visible to anyone in the access list of the parent group to which this group belongs, except those users to whom the group's own filter denies access.



 
 NOTE: The access list for a group is derived by filtering the access lists from the top level of the navigational tree down to the given group.



 
If the group is a top-level group and you select None, the Allowed Users list contains all the users configured for the NMC-RX application. If the group is the child of a parent group and you select None, the Allowed Users list contains all of the users that have access to the parent group.

If you select None, the Insert/Remove Users button is disabled. If you select either Permit or Deny, the Insert/Remove Users button is enabled, which lets you create a filter list of users who are permitted or denied access to the group.

Click the Insert/Remove Users button.

The Create Group Security - Insert/Remove Users dialog box appears. In this dialog box, you can display a list of users for either the parent group or the entire system. From this list, you can create a filtered list of users with access to the group (or subgroup) that you are creating.
To create a filter list for the group, individually select the users in the Available Users list, and click the Add button to add the users to the Filter List.

To add the entire list of available users to the Filter List, click the Add All button.

To remove users from the Filter List individually or collectively, either select a user in the Filter List and click Remove, or click Remove All.

Click OK to save the settings.

The dialog box closes, and the Create Group dialog box appears. The filter list of users is displayed in the Security Filter list.

Click OK to save the new group.

The new group name and folder icon appear in the list in the context area of the Network Workshop.

NOTE: If you set security to Deny access but do not add at least one user in the Security Filter list, an error message appears.

Parameter	Description
Group Name	Name of the group; cannot exceed 32 alphanumeric characters and may include spaces.
Group Parent	Name of the parent for the new group. If the new group does not have a parent, the Group Parent text box reads None, which means the group is at the top level.
Group Description	Descriptive or contextual information up to 255 alphanumeric characters. The resulting description appears whenever you access its associated group. You can easily change or delete a description at any time.

Setting	Description
None	Also known as public access. This is the default. If the group is a subgroup, no filter is applied to the privilege level of the group. The group is visible to any user who is in the access list of the parent group to which this group belongs or is available systemwide.
Permit	Also known as private access. This group is visible to users who are in the filter list of the group, provided that the users are also in the access list of the parent group to which this group belongs.
Deny	This group is visible to anyone in the access list of the parent group to which this group belongs, except those users to whom the group's own filter denies access.

[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]