Manage NCM user accounts and assign NCM roles
NCM roles determine what NCM functionality a user or group account can access. By default, user accounts in the Orion Platform do not have access to any NCM functionality.
Only a user with Administrator privileges can create or edit user accounts and assign NCM roles.
Grant access to NCM functionality
- Create a new user account in the Orion Platform, or edit an existing account.
- Expand the Network Configuration Manager Settings section.
- Assign the NCM role that defines what NCM functionality is available to this user account. To be able to make configuration changes and upload them, the account must have at least the WebUploader role.
- If you want to prevent the account from being able to access specific NCM views, select None for those views.
- Click Submit.
The following roles are available.
|Administrator||This role has unlimited access to NCM functionality, including device configuration management, user account management, and configuration change approvals.|
|Engineer||This role has Administrator privileges, but cannot view the device configuration transfer status for all users.|
|WebUploader||This role has read and write access on network devices. However, if an approval system is enabled, this role cannot change device configurations without Administrator approval.|
|WebDownloader||This role can read and download network device configurations.|
|WebViewer||This role can only read network device configurations.|
|None||For new accounts, this role is selected by default. This role cannot access NCM features and functions. This role will not see NCM resources on non-NCM views in the Orion Web Console. Even if the account has privileges to add nodes, the user cannot add nodes to NCM (the Add Node option does not appear), and NCM properties are hidden when the user edits a node.|
Device access information
An NCM user logs on directly at the network device with unencrypted credentials and can perform actions the NCM role gives permission for.
If the network administrator wants to use the same credentials for NCM to log on to all network devices, the NCM software provides a Global Login and an option to enable global login settings on all devices. See Options for specifying NCM connection information.
Third Party Authentication
If a network administrator sets up third-party authentication, such as a Diameter, RADIUS, or TACACS server, the admin should create valid accounts and permissions in the authentication server database for NCM users.
Only NCM interacts with network devices, not the authentication server. Though the network device must handle interaction with Diameter, RADIUS, TACACS , or any other authentication server, special logic in the relevant NCM component (SWTelnet9) handles the RADIUS authentication prompt, since devices connected to the RADIUS server may have a slightly different login flow.