The DSC Platform provides security features, based on Telcordia GR815 standard, to ensure authenticated access to functions appropriate for each user and the audit of the work performed by those users.
User authentication and authorization on the DSC Platform takes place using the User Profiles and Privileges (UPP) by default. The UPP feature allows the assignment of command execution privileges to user IDs. These privileges determine the respective command sets that are authorized for each user.
You can obtain and configure (a) RADIUS sever(s) to perform these functions. If the RADIUS server is configured, available, and is enabled on the DSC Platform, user authentication is done by this server. Any changes to user management should be made on the RADIUS server. However, if the RADIUS server is improperly configured, unavailable, or disabled, the system reverts to UPP for user authentication and authorization. The RADIUS server is disabled by default. For more information about the RADIUS server, see RADIUS.
If you have a RADIUS server configured for user authentication and authorization, it is recommended that you review both this section and the RADIUS.
The assignment of user commands includes the following capabilities:
- only predefined user profiles are supported
- each user ID who logs onto the system is granted only one user profile
- an audit trail that records any unauthorized access attempt
- UPP profiling data that is persistent on reboots
The DSC Platform supports the following four user profiles:
- SS7 Administrator (SS7_ADMIN)
- MTP Operator (MTP_OPERATOR)
- SCCP Operator (SCCP_OPERATOR)
- Read-only (MONITOR)
The terms in the preceding list that appear in the parenthesis show how the user profiles appear in the Web UI.
A ROOT user is a special user who has access to all system utilities and has the ability to create/add users, delete users, and assign user profiles and have read/write (rw) access.
The MTP_OPERATOR, SCCP_OPERATOR, and MONITOR users have limited read-only (ro) access to the system.
All users when first created are UNPROFILED users who are waiting for the ROOT user to assign them a user profile.
Only one user should be logged onto the system from the same IP address at any one time. Otherwise, the system ensures that all users have the same access level as the user who logged onto the system last.
The following table lists the various access levels to the DSC's SS7, Diameter, and monitoring configuration utilities.
Although the following table specifies the ADMIN access level to the SS7 configuration utilities, also use this access level to the Diameter configuration utilities.
|User Profile and Privileges (UPP)||Unavailable||Unavailable||Unavailable||Unavailable|
|Level 4 Converter||rw||ro||rw||ro|
|Platform Manager Configuration Utilities|