Skip to end of metadata
Go to start of metadata

The DSC Platform provides security features, based on Telcordia GR815 standard, to ensure authenticated access to functions appropriate for each user and the audit of the work performed by those users.

User authentication and authorization on the DSC Platform takes place using the User Profiles and Privileges (UPP) by default. The UPP feature allows the assignment of command execution privileges to user IDs. These privileges determine the respective command sets that are authorized for each user.

You can obtain and configure (a) RADIUS sever(s) to perform these functions. If the RADIUS server is configured, available, and is enabled on the DSC Platform, user authentication is done by this server. Any changes to user management should be made on the RADIUS server. However, if the RADIUS server is improperly configured, unavailable, or disabled, the system reverts to UPP for user authentication and authorization. The RADIUS server is disabled by default. For more information about the RADIUS server, see RADIUS.

Note

If you have a RADIUS server configured for user authentication and authorization, it is recommended that you review both this section and the RADIUS.


The assignment of user commands includes the following capabilities:

  • only predefined user profiles are supported

  • each user ID who logs onto the system is granted only one user profile

  • an audit trail that records any unauthorized access attempt

  • UPP profiling data that is persistent on reboots

The DSC Platform supports the following four user profiles:

  • SS7 Administrator (SS7_ADMIN)

  • MTP Operator (MTP_OPERATOR)

  • SCCP Operator (SCCP_OPERATOR)

  • Read-only (MONITOR)

Note

The terms in the preceding list that appear in the parenthesis show how the user profiles appear in the Web UI.


A ROOT user is a special user who has access to all system utilities and has the ability to create/add users, delete users, and assign user profiles and have read/write (rw) access.

The MTP_OPERATOR, SCCP_OPERATOR, and MONITOR users have limited read-only (ro) access to the system.

All users when first created are UNPROFILED users who are waiting for the ROOT user to assign them a user profile.

Caution

Only one user should be logged onto the system from the same IP address at any one time. Otherwise, the system ensures that all users have the same access level as the user who logged onto the system last.

The following table lists the various access levels to the DSC's SS7, Diameter, and monitoring configuration utilities.

Note

Although the following table specifies the ADMIN access level to the SS7 configuration utilities, also use this access level to the Diameter configuration utilities.

Table : Access Levels to the DSC SS7, Diameter, and Monitoring Configuration Utilities

 Configuration Utilities SS7_ADMIN MTP_OPERATOR SCCP_OPERATOR MONITOR
User Profile and Privileges (UPP) Unavailable Unavailable Unavailable Unavailable
MTP2 HW rw rw ro ro
ATM HW rw rw ro ro
IO HW rw rw ro ro
Hardware Monitor rw rw rw ro
MTP3 rw rw ro ro
SNMP rw rw rw ro
GWST rw rw ro ro
SCCP rw ro rw ro
IWF rw rw rw ro
SNAMI UI
rw ro rw ro
DSC rw rw rw ro
Slot Monitor rw rw rw ro
Signaling Gateway rw ro rw ro
GTT rw ro rw ro
PCE rw ro rw ro
Level 4 Converter rw ro rw ro
IMF rw ro rw ro
INAPGW rw ro rw ro
Platform Manager Configuration Utilities
 

Read-only, except:

  • application configuration backup
  • test mail server
  • ping/trace (server) test
  • change password
  • remote access (Secure Link)
  • ability to add/edit/delete an IP Route

Read-only, except:

  • test mail
  • ping/trace (server)
  • change own password
  • remote access (Secure Link)
  • ability to add/edit/delete an IP Route

Read-only, except:

  • test mail
  • ping/trace (server)
  • change own password
  • remote access (Secure Link)
  • ability to add/edit/delete an IP Route

Read-only, except:

  • test mail
  • ping/trace (server)
  • change own password

  • No labels