Account User Management (FT-2001.001)
About this document
Scope
This document provides background information as well as a functional description of the FT-2001.001 Account User Management standard feature. The described feature is supported from the release version 4.0 onwards.
Note
Account User Management is a standard feature and does not require a special license.
This feature is part of the User Management functionality with number FN-1001.
Feature Availability
Feature Version | Available from | Summary of changes |
|---|---|---|
v1 | CMP Release 4.0 | Initial release |
v2 | CMP Release 5.2.3 | New Context level: Account Group |
Feature overview
Goals
The aim of the Account User Management feature is to allow Enterprise Account Administrators to create and manage Users and their assigned Access Rights.
Functionality of the feature
User management in the CMP ensures secure and efficient access to the system's resources. This functionality allows administrators to control who can access the system, what they can do, and how they interact with the network and connected devices.
In the CMP, Users represent different stakeholders who interact with the platform to manage and optimize connectivity services.
In order to manage the CMP workflow effectively, multiple Users can be created and delegate different Access Rights to the Users. Assigning the appropriate Access Rights effectively limits each User’s abilities to the scope of their role within the Company.
A collection of Users can be organized into User Groups to which Access Rights can also be assigned.
For more details on User Groups, please see the following feature description: Account User Groups Management
User Creation
In the MAVOCO CMP, the following three criteria define whether and what kind of other Users a given (logged-in) User can create.
Access Rights of the User: User needs to have the Users Right "CAS User - Create or Modify"
User Domain of the User:
CSP domain Users can create and manage ENTERPRISE Users, and
ENTERPRISE domain Users can only create and manage ENTERPRISE Users.
Context Level the User is assigned to: Users can only create Users on the same context level OR one level below
Account Group Users can create Account Group Users,
Account Users can create other Account Users for assigned Accounts OR Customer Users for assigned Customers, and
Customer Users can create Customer Users for assigned Customers.
Reset Password
In case of forgotten, lost, etc. passwords, CMP allows to reset the password of any User. The User will receive an email with instructions on how to change and define their new password.
Welcome Email
CMP allows sending a welcome email to new Users at activation. The welcome email informs the User about their login name and provides an option to set their new password.
Effective User Rights
If a User has access to a specific function (described by an ACL) in a given context, the evaluation of several User Rights related concepts is required. The result of the evaluation defines the Effective User Rights of a given User in a given context. Note that Effective User Rights only make sense in combination with a context.
Effective User Rights are calculated every time the User logs into a CMP module or the context of the User has been switched.
CMP currently supports the following User Categories that are defined by the Domain of the User.
Local User | Users authenticated and managed completely in the CAS environment. |
Delegated User | Users authenticated via an external IdM (Identity Management System). Information of the Delegated Users is read-only in CMP. |