Table of Contents
Advertisement
Using Role-Based Administration Effectively
Enterprise Organizations
Copyright © 2010, Juniper Networks, Inc.
Activities are predefined tasks within NSM. The NSM administrator can combine multiple
activities into a custom role.
NOTE: You cannot define a custom activity.
With role-based administration, you can specify who has what permissions for NSM
functionality for the entire NSM system, a single domain, or even specific functionality
within a domain. You can even delegate NSM administrator management, enabling
existing NSM administrators to create other NSM administrators, assign domains, and
define or create roles.
NOTE: A device administrator is the person responsible for managing a device
directly, using the command line or GUI for the local OS (ScreenOS, Junos,
IC, or SA). If a device administrator uses only the local OS command line or
GUI to manage devices, do not create an NSM administrator account for the
device administrator; however, if a device administrator uses both the local
OS and NSM to manage devices, you must create an NSM administrator
account for the device administrator.
The structure of your NSM domains should reflect both your existing network structure
and your desired permission structure.
Network Structure—Use multiple domains to segregate large, geographically distant
networks into locally managed sections.
Permission Structure—Use multiple domains to segregate critical devices and systems
from less important network areas, and then restrict administrator access to devices
in the critical domain.
Your organization probably already has an existing permission structure that is defined
by job titles, responsibilities, and geographical access to your security devices. You can
re-create this same permission structure in NSM.
Role-based administration is particularly useful for Enterprise and Service Provider
organizations that have different administrative roles associated with managing a large
network and security infrastructure. RBA is also helpful for any size of organization that
wants to provide access to other device statistics to non-administrators within the
organization, such as creating a role for the CIO to access reports.
Each enterprise defines administrative roles differently. With NSM, you have the flexibility
to create the appropriate permission level.
Chapter 3: Configuring Role-Based Administration
63
Advertisement
Table of Contents
