3 | Chapter 3 | |
Configuring Users, User Groups and Views |
Users, user groups and views are configured by the administrator. A user cannot access information in Bluebird unless that user is authorized by the administrator to access a view. A view is a way to visualize the network.
An operator of Bluebird must be assigned a user id and password prior to using the interface. The user id and password are assigned by the administrator using the Configure User/Group/View interface.
The administrator builds new users, assigns them to user groups and enables users to access views. To configure users, groups and views:
Log in as the administrator. The Administrator Main Panel appears:
![]() |
Figure: Administrator Main Panel |
Select the "Configure User/Groups/Views" icon from the Administrator Main Panel. The
Configure User/Group/View Panel appears
![]() |
Figure: Configure User/Group/Views panel |
Users, user groups and views control the end user interface into the Bluebird system. Efficient organization allows rapid control and maintenance of the various users and what they have permission to access.
Before a person can use Bluebird, they must be assigned a unique user name and password. The user and password are required for login and determine what a particular user has permission to access. The administrator is the only user who has permission to add users and change their views.
When a user is initially built by the administrator, that user has no access to any information in the Bluebird system. Users can only access information via data windows called "views". When the administrator assigns a view to a user, any information provided via the view is available to the user.
A user can be assigned to one or more views which provides a superset of information of each view. For example, if the "East Coast" view permits a user to see nodes in New York and the "West Coast" view permits a user to see nodes in Los Angeles, then if both views are assigned to a user, that user will see devices for both New York and Los Angeles.
A user cannot be logged onto the system more than once. Therefore, each concurrent user must be assigned a unique user id and login. Sharing of user IDs amongst people in the same group is not permitted.
To make it easier to configure and administer large groups of users, users can be assembled into collections called groups. Groups can be organized in almost any fashion. The following are some simple examples of ways to organize users:
Time - if users perform different tasks on third shift than first, user groups are built called "first shift", "second shift" etc. Users are then assigned to a particular shift group. The entire group is then assigned permissions and access to views.
Network Region - if users perform different tasks for a specific area of the network, user groups are built called "east coast", "west coast", "asia" etc. Users are then assigned to an area of the network by assigning them to the appropriate user group. The group is then assigned permission and access to appropriate views.
Job Function - if users perform different tasks depending upon the job function of the user, user groups are built called "administrators", "managers", "staff", "contractors" etc. Users are then assigned a set of views by assigning them to the appropriate user group. The group is then assigned to the appropriate views.
Device Type - if users perform the same type of task for a set of devices, user groups are built called "routers", "hubs", "ATM switches" etc. Users are then assigned to the appropriate groups by the administrator. The group is then assigned a set of views which the users can access.
A view is a data window into a subset of the network and services. When a view built, it typically defines an organized area of the network. Since views are rule driven, sophisticated relationships can be built which accurately describe the desired information.
Views are assigned to a user via the administrator; a user cannot remove or add views to their user interface. The user can switch between views as desired so the administrator can assign views to a user which overlap or are supersets of each other. For example, a view can be built for all the devices on the east coast as well as a view for New York, Boston, Atlanta and Washington DC. The user can then see the entire east coast in one view and a specific city in one of the other views.
The following are some simple examples of views:
Geography - A view can depict an area of the network, typically using IP Address. This is useful for viewing devices within a "management domain" where responsibility are assigned.
Filtered - Often you want to view an area of the network but without specific types of devices. A view of this type allows users to focus on only the critical devices of interest.
Organizational - Often, the network is broken up by company organizations; engineering, finance, research, manufacturing etc. Viewing the network this way allows different users to focus on only those devices within that group.
Device Function - Often, the network contains core backbone equipment and regional equipment. Some users need to see only backbone WAN equipment, others need to see only region equipment and yet other users need to see both.
Users, user groups and views are configured using the Configure Users, Groups and Views tools. This tool allows new users to be added and maintained and assigned to views.
When selected the following panel appears:
![]() |
Figure: Configure User/Group/Views panel |
The Configure User, Groups and View Panel contains the following areas:
The menu bar allows operations from the keyboard and mouse as well as view appearance and help.
The icon bar contains commonly used tools and shortcuts. Adding new users, groups, views, expanding the trees and the wizards are contained here.
The Users area contains all of the configured users which have access to the system. Users are shown in a scroll list in the order in which they were configured. The label of the user is the valid user ID used at login time.
The User Groups area contains all the of the user groups currently configured on the system. Each user group contains a branch below it which shows the members of that group. Only a single level of users can be contained in a user group.
The Views area contains all of the views configured on the system. Each view contains a single branch showing which users or user groups have access that that view. If a user is not contained in a user group under a view, then that user will not see that view when they use Bluebird.
The status bar show information about the panel. The last operation is shown in the status when a normal operation has occurred.
The icon bar contains the common operations for manipulating users, user groups and views.
Icons in the icon bar will display textual hints when the mouse moves over the icon. Icons can also be selected using the keyboard using the TAB and arrow keys. There are not accelerator keyboard keys for icons.
The icon bar is detachable and can float above the rest of the panel as desired. To detach the iconbar, simply drag the icon bar from the panel. This action may differ slightly depending upon the "Look and Feel" settings. The floating icon bar can be reattached to the panel by closing the floating icon bar.
![]() |
Figure: Floating Icon Bar |
- Save the current configuration. Allows the changed configuration
to be make permanent. As changes are made, they are stored in a temporary location until a save if performed.
Exiting the panel without saving changes will generate a confirmation message warning about the loss of
data.
- Copy the selected user, group or view to the clipboard.
- Paste a user, group or view from the clipboard.
- Delete the selected user, group or view.
- Expand the tree branches for the entire panel.
- Expand the selected branch.
- Collapse the tree branches for the entire panel.
- Collapse the selected branch.
- Add a new user to the "Users" area.
- Add a new user group to the "User Groups" area.
- Add a new view to the "Views" area.
- Launch the New User Wizard.
![]() |
Figure: "Users" Area |
An individual must have a valid user ID and password to get access to Bluebird. If a user is not listed in the "Users" area of the panel, they do not have access to Bluebird information.
Users are added to the "Users" area using the "Add a New User" icon in the icon bar. When selected, the "Add User" Panel appears:
![]() |
Figure: "Add User" Panel |
The following fields are defined in the "Add User" Panel:
This is the string used in the login panel to identify the user at login time. The ID can be any string of characters, however, it is recommended that user names be limited to alphanumeric A-Za-z0-9 characters.
The full name of the user. This is a free-form field which can contain any textual data.
The password of the user. This field is used at login time to allow access to the assigned user views. A password is required and cannot be blank.
The confirmation password of the user. This field is compared to the password field to insure that they match. If the passwords do not match, the user cannot be entered.
This is a free form text field for any notes, comments or other information about the user.
Users are changed by double clicking on the user in the "Users" area or right clicking the mouse on the user. When right clicked, the following menu appears:
![]() |
Figure: "Users" Area Right Click |
The following options are defined in the right click:
The "Delete" operation removes the user. See Deleting Users below for more information.
The "Copy" operation takes the user information and adds it to the clipboard. If another copy operation was previously performed, the previous information is lost without warning.
The "Paste" operation takes the user information from the clipboard and pastes it to the "Users" panel. The "Paste" option is unavailable unless there is a valid user in the clipboard.
The "Rename" operation allows the User ID to be changed without going into the "Properties" operation. The other fields are not effected by the rename operation.
The "Properties" operation allows the User information to be modified. When selected, the "Modify User" panel appears.
A user can be a part of one or more user groups and be assigned to one or more views. Deleting a user removes the user, any membership in user groups and assignments to views.
When a delete operation is performed, the following confirmation message appears verifying the delete:
![]() |
Figure: Delete Confirmation |
Users are dragged from the "Users" area onto user groups and views. When dropped onto a user group, the user becomes a member of that group. Any privledges and access granted to that group become available to the users in that group.
![]() |
Figure: "User Groups" Area |
Users can be collected into groups called user groups. User groups are not required for configuration, however, it is strongly recommended that similar users be organized and assigned views.
When the "Add User Group" icon is selected form the icon bar, the "Add User Group" panel appears. Since a user group is a container for organizing users, the fields in the panel are simply descriptive and are not used elsewhere.
![]() |
Figure: "Add User Group" Panel |
The following fields are defined in the "Add User Group" Panel:
The name of the user group. This name is used in the view area to identify the users who have access to that view.
Textual comments about the user group. These comments are informational and for documentation purpose. Comments are not used elsewhere in the system.
User groups are changed by double clicking on the user group in the "User Groups" area or right clicking the mouse on the user group. When right clicked, the following menu appears:
![]() |
Figure: "User Groups" Area Right Click |
The following options are defined in the right click:
The "Delete" operation removes the user group. See Deleting User Groups below for more information.
The "Copy" operation copies the user group to the clipboard.
The "Paste" operation pastes the user group information from the clipboard to the "User Groups" panel. The "Paste" option is unavailable unless there is a valid user group in the clipboard.
The "Rename" operation allows the User Group Name to be changed without going into the "Properties" operation. The other fields are not effected by the rename operation.
The "Properties" operation allows the user group information to be modified. When selected, the "Modify User Group" panel appears.
A user can be a part of one or more user groups and be assigned to one or more views. Deleting a user removes the user, any membership in user groups and assignments to views.
When a delete operation is performed, the following confirmation message appears verifying the delete:
![]() |
Figure: Delete Confirmation |
User Groups are dragged from the "User Groups" area onto views. When dropped onto a view, the user group becomes a member of that view. All access granted by that view become available to the users in that user group.
![]() |
Figure: "Views" Area |
A view is a rule based window into a subset of the network. Views are assigned by the administrator to a user.
When the "Add New View" icon is selected form the icon bar, the "Add View" panel appears.
![]() |
Figure: "Add View" Panel |
The following fields are defined in the "Add View" Panel:
The name of the user group. This name is used in the view area to identify the users who have access to that view.
The full description of the view.
Textual comments about the view. These comments are informational and for documentation purpose. Comments are not used elsewhere in the system.
Since a view is a subset of the managed network, a view has a series of rules which define what devices to show and where. To configure the rules for the current view, select the "Configure View Categories, Thresholds and Rules" button from the panel. The rule builder will launch. For more information, refer to the section on the rule builder.
Views are changed by double clicking on the view in the "Views" area or right clicking the mouse on the view. When right clicked, the following menu appears:
![]() |
Figure: "Views" Area Right Click |
The following options are defined in the right click:
The "Delete" operation removes the view. See Deleting User Groups below for more information.
The "Copy" operation copies the view and it's children to the clipboard.
The "Paste" operation pastes the view information from the clipboard to the "Views" panel. The "Paste" option is unavailable unless there is a valid view in the clipboard.
The "Rename" operation allows the View Name to be changed without going into the "Properties" operation. The other fields are not effected by the rename operation.
The "Properties" operation allows the view information to be modified. When selected, the "Modify View" panel appears.
When a view is built, it consists of one or more categories. Each category has a rule assigned which determines which devices are included in that category. The collection of all categories and rules is called a view.
The Rule Builder is a graphical tool for generating syntactically and semantically correct rule grammar. Sophisticated users can type rules directly into the rule area or use the drag/drop capabilities to let the rule builder create the grammar.
Nodes managed by Bluebird enter the Rule Builder at the Source and must leave at the Sink to be included in the View. Rules are represented as flowing through a series of pipes which have filter at various junctions. A series of tests one after another performs the logical boolean "AND" function; i.e. they must pass through this pipe and that pipe. Branches in the pipe represent boolean logical "OR"s; i.e. they may pass through this pipe or that pipe.
Views and view categories are used to organize devices, interfaces and services in the network into more managable groups.
![]() |
Figure: View/Category Structure |
The views in the view level are configured by the administrator to organize what an operator sees. Views are (typically) shared between users to allow teams to work on areas of the network together. Views are assigned to operators or operator groups.
Categories are containers within Views which subdivide the nodes into smaller, more manageable groups. For a node to appear in a catgory, the node must have passed through the view filter.
Nodes for that category appear at this level. A node is defined as a set of interfaces.
Interfaces are addressable entities in a node; in fact, a node may have many interfaces (e.g. a router). An interface can have many different services running on it.
Services are pollable protocols which run on an interface of a node. Services are reachable or unreachable.
Using information configured in Users/Groups/View
and the Rule Builder by the administrator,
the Real-time Console (RTC) dynamically
builds the view folder tabs and category histograms. In the following example,
the administrator has built 3 views for this user. For the currently
selected view folder tab, there are six categories configured. Each
category has a set of filters which determine which nodes appear
and which ones do not.
![]() |
Figure: Real-time Console Structure |
The View Rule Builder is launched by:
Log in as administrator
Select "Configure User/Group/View" from the Administrator Panel
Right click on the desired View in the View Area
Select [Properties...]
Click on the "Configure View Categories, Thresholds and Rules" Button
![]() |
Figure: Rule Builder |
The Rule Builder Panel consists of seven areas; Custom Rules area, Template Rules area, Category Folder Tabs, Rule Draw area, Thresholds Area, Services area and the Text Rule field. Each area is described below:
![]() |
Figure: Custom Rules |
To modify Custom Rules in the Custom Rules Area, right click on the
rule in the Custom Rules area and the following pop-up will appear:
![]() |
Figure: Modifying Custom Rules |
![]() |
Figure: Template Rules |
When dragging a template rule onto the Custom Rules area, be sure to
drag onto the folder for the same type of Rule; i.e. drag an
"IP Information" rule onto the "IP Information" folder
in the Custom Rules. For example:
![]() |
Figure: Dragging Template Rules |
![]() |
Figure: Category Folder Tabs |
To delete, add or modify View Categories, right click on a folder tab.
The following pop-up panel will appear:
![]() |
Figure: Modifying Folder Tabs |
![]() |
Figure: Rule Draw Area |
Each icon in the Draw Area is an expression in the form of "variable operator value"; e.g. "IPAddr iplike 199.72.52.*". To conserve space on the screen, long expressions are shortened. To view the entire expression, flyt he cursor over the icon and the full rule will appear.
Categories are shown in the folder tabs at the top of the panel. Every folder tab has a different Rule Draw Area and Text Rule.
![]() |
Figure: Thresholds Area |
The radio button for "Propagate Average" and "Propagate Worst" define whether the histogram value reflects either the average availability for the node or the worst availability.
"Propagate Average" and "Propogate Most Critical" are currently undefined.
![]() |
Figure: Services Area |
The options in the Services area are currently unused.
![]() |
Figure: Text Rule Field |
Rule grammar is defined in Chapter 6.
Often, all the categories within a view use the same base rule. For example, for a view of all Cisco Routers, all the categories build upon a rule of ((SNMPsysDescr ~ 'cisco'). Rather than entering that base rule with a logical "and" for every category, the "Common" folder tab allows a rule to apply to all categories.
In the following figure, the common rule defines that categories
"East Coast" and "West Coast" will only contain devices which
match the common rule of SNMPsysDescr ~ 'cisco'.
![]() |
Figure: Common Rule |
The process of building rules is an accretive one. Rules build upon each other by using the template rules to build more and more complex expressions.
Step 1 - Nodes enter the test area at the Source and (may) leave at the Sink. If a node can successfully pass through any paths to the Sink icon, then the node will be part of that Category.
When the rule builder is first launched, the rule
is set to "type your text rule here". The figure is shown below:
![]() |
Figure: Step 1 - The Default Rule |
Step 2 - We have right clicked on the default icon. A popup
panel displays the option to join, cut, copy or modify the rule.
The following shows a right click on the default rule
![]() |
Figure: Step 2 - Right Clicking a Rule |
Step 3 - We have chosen to modify the rule and the following
rule panel appears.
![]() |
Figure: Step 3 - Viewing the Default Rule |
Step 4 - We typed in a new rule to limit the IP addresses of
devices in the category to only 199.72.52 network number. The
resultant rule is shown in the figure below:
![]() |
Figure: Step 4 - Changing the Rule |
Step 5 - After clicking on the [OK] button, we now view the
changed icon. The changed icon is shown in the figure below:
![]() |
Figure: Step 5 - Viewing the Changes |
Step 6 - After clicking on the [Redo Layout] button, we now view the
changed rule in the Text Rule field at the bottom of the panel:
![]() |
Figure: Step 6 - Clicking on Redo Layout |
Step 7 - We drag a rule called "ifType ==22" from the Custom Rules
area and drop
it onto the Drawing Area. The new rule now floats on the panel. The
following figure shows the new floating rule:
![]() |
Figure: Step 7 - Dropping a Rule on the Drawing Area |
Step 8 - To connect a path from the Source to the new rule,
a right click on the Source pops up a panel. "Join" will
allow a connection form the selected icon. The following figure shows
the pop-up when a right click occurs on an icon:
![]() |
Figure: Step 8 - Right Click to Join |
Step 9 - After "Join" is selected, the cursor becomes a
stretchable line. A click on the destination icon
will complete the line. The following figure shows the
line being dragged around the panel:
![]() |
Figure: Step 9 - Drawing a New Path |
Step 10 - The Join command has now been completed by clicking
on the "ifType ==22" icon. The two icons are now related to
each other. The following figure shows the new line between the
the icons:
![]() |
Figure: Step 10 - After the Drawn Line |
Step 11 - In a similar fashion, a line drawn from the
"ifType ==22" icon to the "IPAddr iplike 199.72.52.*" icon.
The following figure shows the two new lines:
![]() |
Figure: Step 11 - Drawing Another Relationship |
Step 12 - Since we have a closed loop, the relationship between
the Source and the "IPAddr iplike 199.72.52.*" icon needs to be
deleted. The following figure show the pop-up panel when the
line between the two icons is right clicked:
![]() |
Figure: Step 12 - Removing a Relationship |
Step 13 - The following figure shows the panel after "Delete" is
selected from the pop-up panel:
![]() |
Figure: Step 13 - After the delete |
Step 14 - After clicking on the [Redo Layout] button,
the icons are reordered and the Text Rule now shows the
grammar of the new "AND" relationship. The following figure
shows the reordered icons and the new Text Rule:
![]() |
Figure: Step 14 - After Redoing the Layout |
Step 15 - The following figure show the panel after we have dropped
a new rule onto the Drawing Area:
![]() |
Figure: Step 15 - Adding an "OR" relationship |
Step 16 - After adding two new connections and clicking
on the "Redo Layout] button, the new rules and
Text Rules look like the following:.
![]() |
Figure: Step 16 - Completing the "OR" |