
Overview

The Administrator or Field Service user may add users from the EMA or the CLI. Privileges are set by associating the username with one of the predefined user groups as shown in the table below.

Sonus recommends creating individual user IDs for each person requiring access to the SBC, even if multiple users share the same roles/permissions. The intent is to avoid a situation where all "Administrator" level users log in as the literal "admin" user.

Sonus further recommends creating a "recovery" or "maintenance" type of user which is only needed in case it becomes necessary to log in to the CLI to terminate one or more hung sessions.

Actual user names are at the discretion of the customer; however, Sonus highly recommends avoiding the use of common words such as admin, administrator, root, system, etc. for security purposes.
The idle timeout value for a CLI session can be reduced to prevent abandoned CLI sessions from monopolizing resources. See Managing Idle Time-Out Sessions for details.

Table: User Group Capabilities

| User Group/Role | Capabilities |
| --- | --- |
| Guest | Read-only access to all commands and data spaces except commands that deal with user accounts, logging and audit controls, the TOD clock and sensitive administrative items. Guest users do not have access to the Field Service shell, Security Event logs, and management audit logs. |
| Operator | Read-write access to all commands and data spaces except commands that deal with user accounts, logging and audit controls, the TOD clock, and sensitive administrative items. Operator users do not have access to the Field Service shell, Security Event logs, and management audit logs, and cannot execute any commands stopping or starting these audit log services. |
| Calea | Read-write access to Lawful Intercept tables, and read access to other tables. Only the Admin user can add or remove a user from this group. Only one user named "calea" is allowed in this group, and the "calea" user cannot be part of any other group. |
| Field Service | Read-write access to all commands and data spaces excluding some administrative functions only available to admin users. |
| Administrator | Read-write access to all commands and data spaces. |
| Security Auditor | Read-only access to view the security logs and management audit logs. The commands executed by the Security Auditor are logged in the Management Audit log. |

Adding Users

The CLI syntax to create a new username is shown below. Once the command is committed, the system automatically generates and displays a password to the username creator.

% set oam localAuth user <user_name> group <group_name>

Creating a user ID named "sonusadmin" via CLI is not allowed. If "sonusadmin" exists when upgrading to this release, it will automatically be removed.

When the new user logs in for the first time, the user may change the password using the change-password system-level command (see Changing Password).

The following commands are executable only by the Administrator and Security Auditor users:

% show utils eventLog
% show configuration details oam eventLog typeAdmin <audit | security>
% show status oam eventLog typeStatus <audit | security>

The following commands are executable only by the Administrator:

% set oam localAuth user <user_name> group <group_name>
% set oam eventLog typeAdmin <audit | security>
% request oam eventLog typeAdmin <audit | security> rolloverLogNow
% request oam eventLog filterStatus <card_name> security security resetStats
% set oam eventLog filterAdmin <card_name> <audit | security> <audit | security>

The command for creating a user of type SecurityAuditor is given below:

% set oam localAuth user auditor group SecurityAuditor

For an explanation of CLI commands, see the CLI Command Reference.

To add or view user details from the EMA GUI, select the Administration > Users and Application Management tab, and then choose the User and Session Management perspective from the navigation panel. See Users and Application Management - User and Session Management page for details.
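The naming and group rules above can be checked before any account is provisioned. The following is an added example, not Sonus code: a small Python lint over a planned account list that flags violations and prints the `set oam localAuth user` command for each entry that passes. Only the group name SecurityAuditor appears in a command on this page; the other group spellings, the case-insensitive name comparison, and the sample plan are assumptions.

```python
# Added example: pre-provisioning lint for a planned list of SBC local accounts.
RESERVED = {"sonusadmin"}                                   # cannot be created via CLI
DISCOURAGED = {"admin", "administrator", "root", "system"}  # common words to avoid
# Only "SecurityAuditor" appears in a command on this page; the other
# group spellings are assumptions and should be checked against the CLI.
GROUPS = {"Guest", "Operator", "Calea", "FieldService",
          "Administrator", "SecurityAuditor"}

def lint_accounts(plan):
    """plan: iterable of (username, group). Returns (errors, warnings, commands)."""
    errors, warnings, commands = [], [], []
    for user, group in plan:
        problems = []
        if group not in GROUPS:
            problems.append(f"{user}: unknown group {group!r}")
        # Names are compared case-insensitively (a conservative assumption).
        if user.lower() in RESERVED:
            problems.append(f"{user}: reserved name, creation is not allowed")
        # The Calea group holds one user, named "calea", and that user
        # cannot be part of any other group.
        if group == "Calea" and user != "calea":
            problems.append(f"{user}: only the user 'calea' may be in group Calea")
        if user == "calea" and group != "Calea":
            problems.append(f"calea: cannot be placed in group {group}")
        if user.lower() in DISCOURAGED:
            warnings.append(f"{user}: common word, use an individual user ID")
        if problems:
            errors.extend(problems)
        else:
            commands.append(f"set oam localAuth user {user} group {group}")
    return errors, warnings, commands

# Constructed sample plan (not from the page).
SAMPLE_PLAN = [
    ("jdoe", "Administrator"),
    ("msmith", "Operator"),
    ("admin", "Administrator"),        # discouraged name: warning only
    ("sonusadmin", "Administrator"),   # reserved name: error
    ("liuser", "Calea"),               # wrong name for the Calea group: error
    ("calea", "Guest"),                # calea outside the Calea group: error
    ("calea", "Calea"),
    ("auditor", "SecurityAuditor"),
    ("kim", "Superuser"),              # not a predefined group: error
]

if __name__ == "__main__":
    errs, warns, cmds = lint_accounts(SAMPLE_PLAN)
    for line in errs + warns:
        print("CHECK:", line)
    for cmd in cmds:
        print("%", cmd)
```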