<?xml version="1.0" encoding="utf-8" standalone="yes"?><html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>BSC MML Authorisation</title>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<meta content="text/css" http-equiv="Content-Style-Type" />
<script src="NED?action=retrieve&amp;identifier=dn00188761&amp;edition=1&amp;language=none&amp;coverage=global&amp;encoding=javascript&amp;component=data&amp;item=data" type="text/javascript" xml:space="preserve">
</script>
<?conversion name="Pub2XHTML" version="2.0" source="urn:mars:dn0446155:1:en:global:publishing_online_1_0:data:data:*:*:*" date="2005-02-28T15:53:14Z"?>
<link href="NED?action=retrieve&amp;identifier=dn01158124&amp;edition=1&amp;language=en&amp;coverage=global&amp;encoding=css&amp;component=data&amp;item=data" rel="stylesheet" title="Nokia Networks default online style" type="text/css" />
<meta content="draft" name="status" />
<?conversion name="SplitHTML" version="1.9" source="urn:mars:dn0446155:1:en:global:publishing_online_1_0:data:data:36:*:*" date="2005-02-28T15:53:14Z"?>
</head>
<body lang="en" xml:lang="en">
<p><a name="ned_top" shape="rect"></a>
<a name="ned_1" shape="rect"></a></p>

<a name="jan1851016724" shape="rect"></a>
<a name="p2xhtm-repid-1" shape="rect"></a>
<table width="100%">
<tr>
<td align="center" colspan="1" rowspan="1" width="20%"><?NED5 annotation?>
<br clear="none" /><?NED5 printview?>
</td>
<td align="center" colspan="1" rowspan="1" width="20%"></td>
<td align="center" colspan="1" rowspan="1" width="20%"></td>
<td align="center" colspan="1" rowspan="1" width="20%"></td>
<td align="center" colspan="1" rowspan="1" width="20%"><a href="NED?action=retrieve&amp;identifier=dn0446155_about&amp;edition=1&amp;language=en&amp;coverage=global&amp;encoding=xhtml_1_0&amp;component=data&amp;item=data&amp;pointer=ned_top#ned_top" onclick="openSmallPopup(event,'NED?action=retrieve&amp;identifier=dn0446155_about&amp;edition=1&amp;language=en&amp;coverage=global&amp;encoding=xhtml_1_0&amp;component=data&amp;item=data&amp;pointer=ned_top#ned_top');return false" shape="rect" target="_blank"><img alt="Document information" border="0" class="Metainfo" src="NED?action=retrieve&amp;identifier=dn01158003&amp;edition=1&amp;language=en&amp;coverage=global&amp;encoding=gif&amp;component=data&amp;item=data" /></a></td>
</tr>
</table>


<div class="div">
<h1>BSC MML Authorisation</h1>

<p>The man-machine interface (MMI) authorisation system is
used for the operator access control both in local man-machine language (MML)
sessions and in remote sessions.</p>


<p>The function of the operator access control, that is, the
authorisation system, is to ensure the access for authorised users only and
to prevent the users from executing unauthorised commands. In other words,
it has the following goals:</p>


<ul>
<li><p>To allow the operator an access only
to that part of the system on which he/she has expert knowledge</p>
</li>
<li><p>To give the operator a permission to
use only that part of the system which he/she is required to use</p>
</li>
<li><p>To prevent input of commands associated
with certain parts of the system from certain display terminals.</p>
</li>
</ul>


<p>Every MML session and MML command shall pass the authorisation
check, which is done on three different aspects. All these must be fulfilled
to allow the execution of a command:</p>


<ul>
<li><p>A user password defining the user's
privilege level</p>
</li>
<li><p>The rights of the terminal</p>
</li>
<li><p>An authorisation demand of the command.</p>
</li>
</ul>


<p>In order to prevent unauthorised use of the MMI functions,
the MMI system classifies the session after getting the user's password at
the beginning of the MMI session. The session class is defined on the basis
of the given password and the rights of the terminal, which is used in the
session.</p>


<p>The MML commands are divided into authorisation groups
based on the objects of the commands and on how harmful effects they may have
on the system if used improperly. The user is allowed to execute only those
commands where the demanded authority group is in accordance with the session
class.</p>


<p>The following means are provided for the management of
the operator accesses control:</p>


<ul>
<li><p>Defining the user profile, which includes
the user identification, the password and the user privilege level</p>
</li>
<li><p>Modifying and deleting a user profile</p>
</li>
<li><p>Interrogating user profiles</p>
</li>
<li><p>Listing the users who are currently
logged in the system</p>
</li>
<li><p>Listing MML commands in a given authority
level</p>
</li>
<li><p>Interrogating and modifying terminal
rights</p>
</li>
<li><p>Setting validity period for a user's
password.</p>
</li>
</ul>
</div>
</body>
</html>