I have been administrating a rather large Spectrum architecture for just over 6 months now and we are hopefully soon upgrading from 10.1.0 to 10.2.1, we experienced quite a few bugs with the 10.1.0 version.
I wanted to take advantage of the upgrade to revisit user access, security strings etc. I will try to best describe our scenario below and any input or recommendations would be hugely appreciated.
Our user access permissions have not been correctly implemented from before I was here and currently everything seems to have ADMIN as Security String and mostly everyone is a Super User (used to regain access after LDAP problems). I would like to limit everyones views to only the stuff they need to see and regain order (stop people deleting devices, Global Collections and other users inadvertantly.
We have spectro and oneclick servers in multiple countries but for the sake of the discussion we will limit it to 3, France, UK and Spain. Each countries servers monitor the respective countries devices and the countries users access the oneclick client throught their countries oneclick server.
Now i'll throw in a few scenarios to give the idea of control we would like:
French Security team should see all French devices + Uk security devices + Spain security devices.
French monitoring team should see all French devices except the security devices.
Spanish Security team should see all Spain
Spanish monitoring should see all Spain except the security devices.
French Admin should see all devices from all countries.
How would you recommened reconfiguring the current environement to the desired scenario?
What device security strings? what user security strings? What is the difference between Security string and legacy SNMP community string?
Check out knowledge document TEC1093939 How to limit a Spectrum User to a specific Global Collection
The below document could help you:
How to limit a Spectrum User to a specific Global Collection
Pls check the below.