Operator
The operators manage and maintain the platform and the components. You can manage the operators and specify their privileges through the platform. Besides the password, you can also limit an operator's access through the Login Control List. With a login control list configured, the operator can log in to the system only with the IP addresses contained in the login control list.
Operator privileges include operation privileges (such as operating the navigation menu), resource privileges (such as operating devices and users), and data privileges (such as operating self-defined views, performance view, and reports). Operation privileges have the highest precedence. The system filters operators with the same operation privilege by their resource privileges and data privileges.
Functions
Precautions
- The privileges of an operator are specified by assigning the operator to an operator group.
- One operator has one login control list and the default login control strategy. The rules in a login control list are matched in order. If the operator address matches a login control rule, this rule applies directly, and subsequent login control rules are not considered. If no login control rule is matched, the default login control strategy is adopted. You can configure the default login control strategy to allow or prohibit the operator with no login control rules matched to log in or from logging in to the system.
- An operator with three continuous access failures is blocked for a specific time period to avoid malicious login attempts.
- If you modified the login control list of an operator, the modifications take effect next time the operator logs in to the system.
- The admin is created upon system installation. It owns all rights and cannot be deleted.
- If the operation permissions for the operator group to which an operator belongs change or the device groups, user groups, or custom views that can be managed by an operator change, the operator must log in again to make the new permissions take effect.
Parameters
- Authentication Type: Authentication type for operators logging in, password authentication by default. When password authentication is used, enter either the login name or full name and the password for authentication. When using RADIUS authentication or LDAP authentication, no login password is required, but you need to configure the authentication server parameters in the Authentication Server page. When the authentication type is RADIUS or LDAP, the system uses Login Name or Full Name for authentication.
- Login Control List: Defines the range of the IP addresses from which an operator is allowed to log in. The login control list specifies the IP addresses from which an operator is allowed to log in to the Web-based management interface, providing security for the platform. You can add the login control rules manually, or select one from the existing Login Control Template.
- A login control list contains multiple rules, each of which consists of Start IP, End IP, and Action (Permit or Deny).
- Operator Group: Assigns an operator to a operator group. The default operator groups include the admin group, the maintainer group, and the viewer group. You can also customize operator groups.
Related Topics