- Overview of Prime Network GUI clients
- Setting Up the Prime Network Clients
- Setting Up Change and Configuration Management
- Setting Up Vision Client Maps
- Setting Up Native Reports
- Setting Up Fault Management and the Events Client Default Settings
- Viewing Devices, Links, and Services in Maps
- Drilling Down into an NE’s Physical and Logical Inventories and Changing Basic NE Properties
- Manage Device Configurations and Software Images
- How Prime Network Handles Incoming Events
- Managing Tickets with the Vision Client
- Viewing All Event Types in Prime Network
- Cisco Path Tracer
- Managing IP Address Pools
- Monitoring AAA Configurations
- Managing DWDM Networks
- Managing MPLS Networks
- Managing Carrier Ethernet Configurations
- Managing Ethernet Networks Using Operations, Administration, and Maintenance Tools
- Monitoring Carrier Grade NAT Configurations
- Monitoring Quality of Service
- Managing IP Service Level Agreement (IP SLA) Configurations
- Monitoring IP and MPLS Multicast Configurations
- Managing Session Border Controllers
- Monitoring BNG Configurations
- Managing Mobile Transport Over Pseudowire (MToP) Networks
- Managing Mobile Networks
- Managing Data Center Networks
- Monitoring Cable Technologies
- Monitoring ADSL2+ and VDSL2 Technologies
- Monitoring Quantum Virtualized Packet Core
- VSS Redundancy System
- Icon Reference
- Permissions Required to Perform Tasks Using the Prime Network Clients
- Correlation Examples
- Managing certificates
- Vision Client Permissions
- Events Client Permissions
- Change and Configuration Management (CCM) Permissions
- Permissions for Business Tags and Business Elements (Vision and Events Clients)
- Reports Permissions (Vision and Events Clients)
- Technologies and Services Permissions
- Permissions for Managing Carrier Ethernet
- Permissions for Managing Carrier Grade NAT
- Permissions for Managing DWDM
- Permissions for Using Ethernet OAM Tools
- Permissions for Managing Y.1731 IPSLA
- Permissions for Managing MPLS Services
- Permissions for Managing IP and MPLS Multicast
- Permissions for Managing MToP
- Permissions for Managing SBCs
- Permissions for Managing AAA
- Permissions for Managing IPPools
- Permissions for Managing BNG
- Permissions for Managing Mobile Technologies
- Permissions for Managing Data Center Networks
- Permissions for Managing Cable Technologies
- Permissions for Managing DSL2+ and VDSL2
- Permissions for Managing GPON Technology
Permissions Required to Perform Tasks Using the Prime Network Clients
Users are allowed to view and manage devices and services depending on how their user account is configured.
- For GUI operations that do not affect network elements, authorization is based on the default permission that is assigned to your user account.
- For NE operations (tasks that do affect elements), authorization is based on whether the element is in one of your assigned device scopes and whether you meet the minimum security level for that scope.
For more information on user authorization, see the Cisco Prime Network 5.2 Administrator Guide.
These topics provide tables that describe the permissions required to perform tasks in Prime Network.
- Vision Client Permissions—Basic operations, map and inventory window operations, Cisco PathTracer, link operations, ticket operations
- Events Client Permissions—All operations performed from the Events client.
- Change and Configuration Management (CCM) Permissions—Device configuration and software image file management
- Permissions for Business Tags and Business Elements (Vision and Events Clients)—Labels that are applied to NEs
- Reports Permissions (Vision and Events Clients)—The native reports feature that is launched from the Reports menu
- Technologies and Services Permissions—The technologies and services that are managed from the Vision client inventory window
Vision Client Permissions
- Permissions for Vision Client Basic Operations
- Permissions for Vision Client Maps
- Permissions for Vision Client NE-Related Operations
- Permissions for Vision Client Cisco PathTrace
- Permissions for Vision Client Links
- Permissions for Tickets in Vision Client
Permissions for Vision Client Basic Operations
|
|
|
|
|
|
---|---|---|---|---|---|
X1 |
|||||
1.Each user can change their own password, but only the Administrator role can change another user’s password. |
Permissions for Vision Client Maps
Vision Client Maps—NEs in User’s Scope
|
|
|
|
|
|
---|---|---|---|---|---|
|
|||||
|
|||||
|
|||||
|
|||||
Find and select a link in a map 2 |
|||||
|
|||||
|
|||||
|
|||||
2.This applies to links within the selected context, and not links identified as network links. |
Vision Client Maps—NEs Not in User’s Scope (or Actions Not Related to NEs)
|
|
|
|
|
|
---|---|---|---|---|---|
|
|||||
|
|||||
|
|||||
|
|||||
Find and select a link in a map 3 |
|||||
|
|||||
|
|||||
|
|||||
3.This applies to links within the selected context, and not links identified as network links. |
Permissions for Vision Client NE-Related Operations
Vision Client NE Operations—NEs in User’s Device Scope
|
|
|
|
|
|
---|---|---|---|---|---|
View network element properties in logical and physical inventory |
|||||
—4 |
— 1 |
— 1 |
X 1 |
X 1 |
|
X5 |
X 2 |
||||
Vision Client NE Operations—NEs Not in User’s Device Scope (or Actions Not Related to NEs)
|
|
|
|
|
|
---|---|---|---|---|---|
View network element properties in logical and physical inventory |
|||||
—6 |
— 1 |
— 1 |
X 1 |
X 1 |
|
X 2 |
|||||
6.Most commands provided with Prime Network require Configurator privileges. For commands created using Command Manager or Command Builder, the access role is specified when the command is created. |
Permissions for Vision Client Cisco PathTrace
Vision Client PathTrace—NEs in User’s Device Scope
|
|
|
|
|
|
---|---|---|---|---|---|
Vision Client PathTrace—NEs Not in User’s Device Scope (or Actions Not Related to NEs)
|
|
|
|
|
|
---|---|---|---|---|---|
Permissions for Vision Client Links
Vision Client Links—NEs in User’s Scope
|
|
|
|
|
|
---|---|---|---|---|---|
X 7 |
X 1 |
X 1 |
X 1 |
||
7.Link properties are limited in the Links view; not all information is available. |
Links: NEs Not in User’s Scope (or Actions Not Related to NEs)
|
|
|
|
|
|
---|---|---|---|---|---|
X 8 |
|||||
X 9 |
|||||
8.Link properties are limited in the Map view; not all link information is available. 9.Link properties are limited in the Links view; not all link information is available. |
Permissions for Tickets in Vision Client
The following conditions apply when working with tickets in the Vision client:
- If an element that is outside of your scope is the root cause of a ticket that affects an element in your scope, you can view the ticket in the Vision client, but you will not be able to:
– View inventory by clicking the Location hyperlink.
– Acknowledge, deacknowledge, clear, add note, or remove the ticket.
- You can acknowledge, deacknowledge, clear, remove, or add notes for a ticket only if you have OperatorPlus or higher permission for the element that holds the root alarm for that ticket.
- If the source or contained sources of the ticket are not in your scope, you cannot view the ticket in the ticket table, view ticket properties, or perform actions on the ticket.
- If the ticket contains a source that is in your scope, but the source is not the root cause, you can view the ticket in the ticket table and view ticket properties, but you cannot perform actions on the ticket.
- If the source of the ticket is in your scope, you can view the ticket in the ticket table, view ticket properties, filter tickets, and perform actions on the ticket.
- By default, users with the Administrator role have access to all managed elements and can perform any action on tickets. To change the Administrator user scope, see the topic on device scopes in the Cisco Prime Network 5.2 Administrator Guide.
The following table identifies the roles required to perform the high level tasks:
|
|
|
|
|
|
---|---|---|---|---|---|
X 10 |
|||||
10.In addition, the security level for the device scope must be OperatorPlus or higher for the device that holds the root alarm for a ticket. |
Events Client Permissions
This topic identifies the roles that are required to work with the Events client. Prime Network determines whether you are authorized to perform a task as follows:
- For GUI operations that do not affect elements, authorization is based on the default permission that is assigned to your user account.
- For NE operations (tasks that do affect elements), authorization is based on the default permission that is assigned to your account. That is, whether the element is in one of your assigned scopes and whether you meet the minimum security level for that scope.
Change and Configuration Management (CCM) Permissions

Note In CCM, the user role always takes precedence over the device scope security level.
|
|
|
---|---|---|
|
||
|
||
Edit the edited archive version of configuration files and restore them to devices |
||
Manage labels for archive files11 |
||
Restore the edited archive versions of configuration file to device |
||
|
||
|
||
|
||
Note To execute a fix job, the device-level role of the user must be Configurator or Administrator. The role of the user for a device overrides the role of a user on Prime Network. |
||
View the fix job results12 |
||
|
||
|
||
Administer jobs (suspend, delete, and so forth) 2 |
||
11.Configuration files are filtered according to the device scope of a user. 12.Users with Viewer, Operator, and OperatorPlus roles can view only their own jobs; Users with Configurator role can view and manage their own jobs; Administrators can view and manage all jobs. ![]() If a user role is modified in Prime Network, you need to logout from CCM and then login again for the changes to get effect. For information on how Prime Network performs user authentication and authorization, including an explanation of user access roles and device scopes, see the Cisco Prime Network 5.2 Administrator Guide. |
Permissions for Business Tags and Business Elements (Vision and Events Clients)
Business Tags—NEs in User’s Scope
|
|
|
|
|
|
---|---|---|---|---|---|
Partial 13 |
|||||
Business Tags—Devices Not in User’s Scope (or Actions Not Related to NEs)
|
|
|
|
|
|
---|---|---|---|---|---|
Partial 14 |
|||||
Reports Permissions (Vision and Events Clients)
Reports—NEs in User’s Scope
|
|
|
|
|
|
---|---|---|---|---|---|
|
|||||
Partial 16 |
|||||
Reports—NEs Not in User’s Scope (or Actions Not Related to NEs)
|
|
|
|
|
|
---|---|---|---|---|---|
Partial 17 |
|||||
17.A user with the Configurator role can generate Detailed Provisioning Events reports for elements that are in and outside their scope. |
Reports—Generated by User
|
|
|
|
|
|
---|---|---|---|---|---|
X 18 |
|||||
18.You can share or unshare reports only if sharing is enabled in the Administration client. |
Reports—Generated by Other
|
|
|
|
|
|
---|---|---|---|---|---|
Reports—Report Folders
|
|
|
|
|
|
---|---|---|---|---|---|
Technologies and Services Permissions
These topics provides tables that list the permissions that are required to perform operations on devices that have the technologies or services configured on them.
- Permissions for Managing Carrier Ethernet
- Permissions for Managing Carrier Grade NAT
- Permissions for Managing DWDM
- Permissions for Using Ethernet OAM Tools
- Permissions for Managing Y.1731 IPSLA
- Permissions for Managing MPLS Services
- Permissions for Managing IP and MPLS Multicast
- Permissions for Managing MToP
- Permissions for Managing SBCs
- Permissions for Managing AAA
- Permissions for Managing IP Pools
- Permissions for Managing BNG
- Permissions for Managing Mobile Technologies
- Permissions for Managing Data Center Networks
- Permissions for Managing Cable Technologies
- Permissions for Managing DSL2+ and VDSL2
Permissions for Managing Carrier Ethernet
Carrier Ethernet—NEs in User’s Device Scope
|
|
|
|
|
|
---|---|---|---|---|---|
|
|||||
|
|||||
View associated network VLAN service links and VLAN mapping properties |
|||||
Carrier Ethernet—NEs Not in User’s Device Scope (or Actions Not Related to NEs)
|
|
|
|
|
|
---|---|---|---|---|---|
|
|||||
|
|||||
View associated network VLAN service links and VLAN mapping properties |
|||||
Partial 19 |
|||||
Partial 20 |
|||||
Partial 21 |
|||||
|
|||||
|
|||||
Permissions for Managing Carrier Grade NAT
Carrier Grade NAT—NEs in User’s Device Scope
|
|
|
|
|
|
---|---|---|---|---|---|
Carrier Grade NAT—NEs Not in User’s Device Scope (or Actions Not Related to NEs)
|
|
|
|
|
|
---|---|---|---|---|---|
Permissions for Managing DWDM
DWDM—NEs in User’s Device Scope
|
|
|
|
|
|
---|---|---|---|---|---|
DWDM—NEs Not in User’s Device Scope (or Actions Not Related to NEs)
|
|
|
|
|
|
---|---|---|---|---|---|
Permissions for Using Ethernet OAM Tools
Ethernet OAM Tools—NEs in User’s Device Scope
|
|
|
|
|
|
---|---|---|---|---|---|
Ethernet OAM Tools—NEs Not in User’s Device Scope (or Actions Not Related to NEs)
|
|
|
|
|
|
---|---|---|---|---|---|
Permissions for Managing Y.1731 IPSLA
Y.1731 IPSLA—NEs in User’s Device Scope
|
|
|
|
|
|
---|---|---|---|---|---|
Y.1731 IPSLA—NEs Not in User’s Device Scope (or Actions Not Related to NEs)
|
|
|
|
|
|
---|---|---|---|---|---|
Permissions for Managing MPLS Services
MPLS Services—NEs in User’s Device Scope
|
|
|
|
|
|
---|---|---|---|---|---|
|
|||||
|
|||||
|
|||||
|
|||||
MPLS Services—NEs Not in User’s Device Scope (or Actions Not Related to NEs)
|
|
|
|
|
|
---|---|---|---|---|---|
|
|||||
|
|||||
|
|||||
Permissions for Managing IP and MPLS Multicast
IP and MPLS Multicast—NEs in User’s Device Scope
|
|
|
|
|
|
---|---|---|---|---|---|
IP and MPLS Multicast—NEs Not in User’s Device Scope (or Actions Not Related to NEs)
|
|
|
|
|
|
---|---|---|---|---|---|
Permissions for Managing MToP
MToP—NEs in User’s Device Scope
|
|
|
|
|
|
---|---|---|---|---|---|
MToP—NEs Not in User’s Device Scope (or Actions Not Related to NEs)
|
|
|
|
|
|
---|---|---|---|---|---|
Permissions for Managing SBCs
SBC—NEs in User’s Device Scope
|
|
|
|
|
|
---|---|---|---|---|---|
SBC—NEs Not in User’s Device Scope (or Actions Not Related to NEs)
|
|
|
|
|
|
---|---|---|---|---|---|
Permissions for Managing AAA
AAA—NEs in User’s Device Scope
|
|
|
|
|
|
---|---|---|---|---|---|
View RADIUS authentication configuration details for AAA group |
|||||
AAA—NEs Not in User’s Device Scope (or Actions Not Related to NEs)
|
|
|
|
|
|
---|---|---|---|---|---|
View RADIUS authentication configuration details for AAA group |
|||||
Permissions for Managing IP Pools
IP Pools—NEs in User’s Device Scope
|
|
|
|
|
|
---|---|---|---|---|---|
IP Pools—NEs Not in User’s Device Scope (or Actions Not Related to NEs)
|
|
|
|
|
|
---|---|---|---|---|---|
Permissions for Managing BNG
BNG—NEs in User’s Device Scope
|
|
|
|
|
|
---|---|---|---|---|---|
BNG—NEs Not in User’s Device Scope (or Actions Not Related to NEs)
|
|
|
|
|
|
---|---|---|---|---|---|
Permissions for Managing Mobile Technologies
Mobile Technologies—NEs in User’s Device Scope
|
|
|
|
|
|
---|---|---|---|---|---|
Viewing the Layer 2 Tunnel Access Concentrator Configurations |
|||||
Mobile Technologies—NEs Not in User’s Device Scope (or Actions Not Related to NEs)
|
|
|
|
|
|
---|---|---|---|---|---|
Viewing the Layer 2 Tunnel Access Concentrator Configurations |
|||||
Permissions for Managing Data Center Networks
Data Center—NEs in User’s Device Scope
|
|
|
|
|
|
---|---|---|---|---|---|
X22 |
|||||
22.For users to be able to view VMs and hypervisors, a user's device scope must include all relevant vCenter VNEs. |
Data Center—NEs Not IN User’s Device Scope (Or Actions Not Related to NEs)
|
|
|
|
|
|
---|---|---|---|---|---|
Permissions for Managing Cable Technologies
Cable Technologies—NEs in User’s Device Scope
|
|
|
|
|
|
---|---|---|---|---|---|
Cable Technologies—NEs Not in User’s Device Scope (or Actions Not Related to NEs)
|
|
|
|
|
|
---|---|---|---|---|---|
Permissions for Managing DSL2+ and VDSL2
ADSL2+ and VDSL2—NEs in User’s Device Scope
|
|
|
|
|
|
---|---|---|---|---|---|
Viewing the ADSL/ADSL2+ physical inventory details for a device |
|||||
ADSL2+ and VDSL2—NEs Not in User’s Device Scope (or Actions Not Related to NEs)
|
|
|
|
|
|
---|---|---|---|---|---|
Viewing the ADSL/ADSL2+ physical inventory details for a device |
|||||
Permissions for Managing GPON Technology
GPON Technology—NEs in User’s Device Scope
|
|
|
|
|
|
---|---|---|---|---|---|