| Asset ID: |
1-72-2185214.1 |
| Update Date: | 2016-09-26 |
| Keywords: | |
Solution Type
Problem Resolution Sure
Solution
2185214.1
:
Override GTT Reports Contain Incorrect Data
| Related Items |
- Oracle Communications EAGLE (Software)
|
| Related Categories |
- PLA-Support>Sun Systems>CommsGBU>Global Signaling Solutions>SN-SND: Tekelec OS ELAP LSMS
|
In this Document
Created from <SR 3-13235837321>
Applies to:
Oracle Communications EAGLE (Software) - Version LSMS 12.0 to LSMS 13.0 [Release LSMS 12.0 to LSMS 13.0]
Information in this document applies to any platform.
Symptoms
Customer created a GUI user which was added to a custom Permission group. Custom Permission group was given the permission to generate reports including O-GTT (Override GTT).
Error:
O-GTT report generated by the permission group didn't produce any data.
Cause
GUI user in question doesn't have enough permission to generate O-GTT for the mentioned SPID
No permission to print O-GTT
Solution
Configuring SPID Security for Locally Provisioned Data
Without this optional feature, any user is able to log in using any Service Provider Identifier (SPID) that is defined on the LSMS. The user is able to view any data for any SPID, and depending on which user privileges were assigned to that username, might even be able to change data associated with any SPID.
This optional feature allows the LSMS administrator to assign only certain usernames to be allowed to log on with a specified SPID. In addition, the LSMS administrator can assign a username to be given access to all SPIDs; such a user is called a “golden user.” This feature is especially useful for LSMS customers that act as service bureaus, offering LSMS services to other service providers. The service bureau may administer locally provisioned data for a client and may choose to allow the client to administer or view its own data without allowing that client to view or change data belonging to other clients.
Types of Data Protected by SPID Security
Association of a username with a SPID allows the LSMS system administrator to restrict access to the following types of locally provisioned data:
• Default GTT (global title translation)
• Override GTT
• GTT Groups
• TN (telephone number) filters
• Assignment of GTT groups and TN filters to an EMS (element management system). For more information, refer to the LSMS Database Administration Manual. Accessibility to these types of data are protected by SPID security for any access method (for example, through the GUI, through input data by file, audit, and reconcile).
Activating the SPID Security Feature
Note: For customers that have been upgraded directly from LSMS Release 4.x to Release 6.1, all EMS components created in the prior release must be deleted and recreated under its appropriate SPID. This feature is activated by Tekelec customer service using secure activation procedures. Once the feature is activated, the following actual usernames (not user group names) are defined to be “golden users” having access to all SPID and all other usernames are defined to have no access to any SPIDs:
• lsmsadm
• lsmsview
• lsmsall
• lsmsuser
• lsmsuext
After the feature has been activated, the LSMS administrator (lsmsadm) is advised to immediately define associations between usernames and SPIDs using a new command, spidsec, as described in the following procedure:
1. Log in as lsmsadm on the administrative console.
2. If you do not wish the username lsmsuext to have access to all SPIDs, enter the following command to remove the username from golden access:
$ spidsec -r -u lsmsuext -s <spid> golden
3. If desired, repeat Step 2 for usernames lsmsview, lsmsall, lsmsuser, and lsmsadm.
Note: It is recommended that the username lsmsadm always be allowed golden access.
4. Use admintool to display all the usernames currently defined on the LSMS (for more information, see “Displaying All LSMS User Accounts” in any release of the LSMS Maintenance Manual).
5. For each displayed username, determine which SPIDs you wish to allow this user access to and enter the following command to authorize this username for the specified SPID:
$ spidsec -a -u <username> -s {<spid>|golden}
The following parameters and options apply to this command
<username> A valid LSMS username that has been provisioned using admintool
<spid> A valid SPID defined on the LSMS (alternatively, you can enter golden to allow this username access to all SPIDs defined on the LSMS) To authorize this username to multiple SPIDs, but not for all SPIDs, you must enter the command once for each SPID.
6. Repeat Step 5 for each user displayed in Step 4.
Attachments
This solution has no attachment
