User Management
User Management administers user information such as permissions, authentication modes, and sessions, ensuring that users can use the system within their scope of authority and safeguarding user information and the system. User Management allows you to attach roles to users and manage the permissions of roles, facilitating optimal resource allocation and permission management and improving O&M efficiency.
The ManageOne OM plane allows administrators to access other O&M systems through Quick Links on the O&M Maps page, facilitating unified operation and management.
Concepts
- Managed object: defines what resources users can manage. After logging in to the system, users can see only the resources within their management scopes.
- Operation rights: indicate the permissions of users to perform a specific operation. After operation rights are assigned to a role, all users attached to this role can perform related operations.
- Operation set: a set of operation rights that can be assigned to roles. Users attached to a role inherit the operation rights of the role. The system provides the following default operation sets:
  - Application Operation Set: For authorization security purposes, the application operation set contains all application operation rights except User Management, Query Security Log, License Manager, View Online Users, and Query Personal Security Log.
  - Fault Operator Operation Set: contains all alarm operation rights except Synchronize Alarms and Alarm Extension.
  - Fault Maintainer Operation Set: contains all alarm operation rights except Alarm Extension.
Logical Architecture
User authorization is a process of granting permissions on certain objects to users.
Figure 7-24 and Figure 7-25 show the logical architecture of user authorization in User Management.
- Authorization for default roles: You can attach a user to a default role. The user inherits the permissions of the role.
- Authorization for custom roles: To authorize a user for an object on which the user needs to perform operations, add the object to the managed objects of the role that the user is attached to. To authorize a user for an operation that the user needs to perform, add the operation to the operations for which the role that the user is attached to has operation rights.
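The authorization model described above, sketched as an added example that is not ManageOne code: a request is allowed only when the operation is among a role's operation rights and the target is among that role's managed objects. The class and function names, the object names, and the rights marked as constructed are assumptions, as is the rule that a single role must grant both the operation and the object.

```python
from dataclasses import dataclass, field

# Constructed universes of rights: only the names the page lists as exclusions
# are from the page; the other entries are placeholders for illustration.
APP_EXCLUDED = {"User Management", "Query Security Log", "License Manager",
                "View Online Users", "Query Personal Security Log"}
APPLICATION_RIGHTS = APP_EXCLUDED | {"View Dashboard", "Export Report"}
ALARM_RIGHTS = {"Synchronize Alarms", "Alarm Extension",
                "Acknowledge Alarms", "Clear Alarms"}

# Default operation sets, each defined by exclusion as described above.
OPERATION_SETS = {
    "Application Operation Set": APPLICATION_RIGHTS - APP_EXCLUDED,
    "Fault Operator Operation Set": ALARM_RIGHTS - {"Synchronize Alarms", "Alarm Extension"},
    "Fault Maintainer Operation Set": ALARM_RIGHTS - {"Alarm Extension"},
}

@dataclass
class Role:
    name: str
    managed_objects: set = field(default_factory=set)
    operation_sets: set = field(default_factory=set)  # names in OPERATION_SETS
    operations: set = field(default_factory=set)      # rights added one by one

    def rights(self):
        """All operation rights the role grants to attached users."""
        granted = set(self.operations)
        for set_name in self.operation_sets:
            granted |= OPERATION_SETS[set_name]
        return granted

@dataclass
class User:
    name: str
    roles: list = field(default_factory=list)

def is_authorized(user, operation, obj):
    """Assumed rule: a single role must grant both the operation and the object."""
    return any(operation in r.rights() and obj in r.managed_objects for r in user.roles)

if __name__ == "__main__":
    operator = Role("fault-operator", {"region-a"}, {"Fault Operator Operation Set"})
    alice = User("alice", [operator])
    print(is_authorized(alice, "Acknowledge Alarms", "region-a"))   # in set, in scope
    print(is_authorized(alice, "Synchronize Alarms", "region-a"))   # excluded from set
    print(is_authorized(alice, "Acknowledge Alarms", "region-b"))   # outside scope
    operator.operations.add("Synchronize Alarms")                    # custom-role grant
    print(is_authorized(alice, "Synchronize Alarms", "region-a"))
```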
Personal Data Description
The following describes personal data involved in User Management, including the data type, purpose, and handling method.
- Data Type
  Data types include mobile numbers and email addresses.
- Purpose
  Users' mobile numbers and email addresses are used by User Management to send alarm information and monitoring data to users.
- Handling Method
  Mobile numbers and email addresses are stored in encrypted form.
  Mobile numbers and email addresses are anonymized on the GUI and are transmitted through HTTPS channels.
  Mobile numbers and email addresses are not exported during user information exporting.