User management is an essential part of network management that helps maintain controlled access to the product. Some compliance standards and best practices call for controlled access to system accounts, so that access to core devices like routers, switches, firewalls, and servers is restricted and sensitive data, along with vital metrics collected from the network, is not exposed, edited, or tampered with.
These standards include Sarbanes-Oxley's (SOX's) identity and access management requirements, the PCI Security Standards Council's (PCI SSC's) Software Security Framework, the System and Organization Controls' (SOC's) SOC 2 compliance, the Health Insurance Portability and Accountability Act's (HIPAA's) Security Rule, and the National Institute of Standards and Technology's (NIST's) Access Control Policy and Procedures. From both a security and a compliance standpoint, it is important that access levels be determined individually for each user.
OpManager provides a wide range of options to customize the appropriate access levels for every individual user in the organization, ensuring fine-grained authorization. In OpManager, multiple users can be created and their level of access across different modules of the network can be customized. This prevents unwanted changes to the network and helps in managing the network by letting the administrator determine which parts of the network the individual user is privy to.
With OpManager's Custom Roles, you can customize user management by granting access levels individually for different modules in OpManager. The different levels of access that can be provided for users through Custom Roles include: Read/Write, Read, and No Access.
In OpManager's User Management, there are two default User Roles, namely, Administrator and Operator. These roles, if selected, are applied to all modules of the product.
Administrator - Administrator users have unrestricted access to perform read/write operations in OpManager. They can add and remove devices, troubleshoot issues, change configurations, and more without any limitations. In other words, they have complete access.
Operator - Operator users have read-only/restricted access in OpManager. The Operator can view and monitor all modules in OpManager, but cannot edit, add, or remove devices or make changes to network configurations.
As an alternative to default roles, OpManager offers the creation of Custom User Roles to facilitate customizable access levels for different modules. By creating custom User Roles, the administrator can provide fine-grained authorization by selectively choosing the level of access—Read/Write, Read, or No Access—specific to modules for every IT Administrator and Operator in the organization. This ensures controlled access and a need-based access system.
To create custom User Roles, go to Settings > General Settings > User Management > Roles in the OpManager UI, and click Add Role. Here you can add a name and description for the role and choose the access level required (Read/Write, Read, No Access) for different modules.
To create a new user in OpManager, go to Settings > General Settings > User Management > Add User. You can select the desired User Role and User Type, and enter the credentials and other details required for the user.
The devices available to the user can be determined in the Scope tab. The user can view either all devices or selected devices available in a Business group. To create a Business View, go to Maps > Business View.
For example, consider the case where Read/Write access has to be granted to a team responsible for handling alarms, and the team does not have any connection with the other modules in OpManager. In such a case, the default user roles—Administrator and Operator—do not provide the right level of access required for this team. The Administrator role would provide Read/Write access for all modules and devices while the Operator role would only be able to provide Read access.
In this case, a Custom User Role can be created; in the Scope tab, Read/Write access can be provided only for alarms and the user can be restricted to Read-only access for other modules. This provides the apt level of access needed in this scenario.
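The alarms-team scenario above, modelled as a small least-privilege check. This is an added example, not OpManager code: the module list, the custom role name, and the device names are constructed for illustration.

```python
from enum import IntEnum

class Access(IntEnum):
    NO_ACCESS = 0
    READ = 1
    READ_WRITE = 2

# Constructed module list for illustration; not OpManager's actual module inventory.
MODULES = ["Alarms", "Inventory", "Maps", "Reports"]

def uniform_role(level):
    """Default roles apply a single access level to every module."""
    return {m: level for m in MODULES}

ROLES = {
    "Administrator": uniform_role(Access.READ_WRITE),
    "Operator": uniform_role(Access.READ),
    # Hypothetical custom role: Read/Write on alarms, Read everywhere else.
    "AlarmTeam (custom)": {**uniform_role(Access.READ), "Alarms": Access.READ_WRITE},
}

def audit(role, required):
    """Return (missing, excess): modules where the role grants less / more than needed."""
    missing = {m: (role[m], need) for m, need in required.items() if role[m] < need}
    excess = {m: (role[m], need) for m, need in required.items() if role[m] > need}
    return missing, excess

def least_privilege_roles(required):
    """Roles that meet every requirement, ordered by how much extra access they grant."""
    fits = []
    for name, role in ROLES.items():
        missing, excess = audit(role, required)
        if not missing:
            fits.append((sum(role[m] - required[m] for m in excess), name))
    return [name for _, name in sorted(fits)]

def is_allowed(role, module, wanted, device, scope):
    """Allow only if the role's level covers the request AND the device is in scope."""
    return role.get(module, Access.NO_ACCESS) >= wanted and device in scope

if __name__ == "__main__":
    need = {**uniform_role(Access.READ), "Alarms": Access.READ_WRITE}
    for name, role in ROLES.items():
        print(name, audit(role, need))
    print("best fit first:", least_privilege_roles(need))
```

Running the audit shows Operator falling short on alarms and Administrator granting write access to three modules the team never needs, while the custom role matches the requirement exactly.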
Access to add-on modules like Netflow, Network Configuration Manager, Firewall, OpUtils, Applications Manager, and related devices can also be determined in the Scope tab. Users in OpManager can then select the modules and devices that they want displayed in their dashboard from the list of modules and devices they have access to, providing a custom user experience.