FORM 2
THE PATENTS ACT, 1970 (39 OF 1970) & THE PATENT RULES, 2003
COMPLETE SPECIFICATION
(See section 10 and rule 13)
“METHOD AND SYSTEM FOR GIVING ACCESS OF FUNCTIONS TO A USER GROUP IN A NETWORK”
We, Jio Platforms Limited, an Indian National, of Office - 101, Saffron, Nr. Centre Point, Panchwati 5 Rasta, Ambawadi, Ahmedabad - 380006, Gujarat, India.
The following specification particularly describes the invention and the manner in which it is to be performed.

METHOD AND SYSTEM FOR GIVING ACCESS OF FUNCTIONS TO A USER GROUP IN A NETWORK
FIELD OF INVENTION
[0001] Embodiments of the present disclosure generally relate to the field of wireless communication systems. More particularly, embodiments of the present disclosure relate to a method and system for giving access of functions to a user group in a network.
BACKGROUND
[0002] The following description of the related art is intended to provide background information pertaining to the field of the disclosure. This section may include certain aspects of the art that may be related to various features of the present disclosure. However, it should be appreciated that this section is used only to enhance the understanding of the reader with respect to the present disclosure, and not as admissions of the prior art.
[0003] Wireless communication technology has rapidly evolved over the past few decades, with each generation bringing significant improvements and advancements. The first generation of wireless communication technology was based on analog technology and offered only voice services. However, with the advent of the second generation (2G) technology, digital communication and data services became possible, and text messaging was introduced. The third generation (3G) technology marked the introduction of high-speed internet access, mobile video calling, and location-based services. The fourth generation (4G) technology revolutionized wireless communication with faster data speeds, better network coverage, and improved security. Currently, the fifth generation (5G) technology is being deployed, promising even faster data speeds, low latency, and the ability to connect multiple devices simultaneously. With each generation, wireless

communication technology has become more advanced, sophisticated, and capable of delivering more services to its users.
[0004] In wireless communication systems, there are various nodes performing different functions. These nodes can be accessed by operators to perform functions such as modifying some configuration parameters, shutting down the node, etc. For example, the nodes such as Charging Function (CHF), Policy Control Function (PCF), Network Repository Function (NRF), Binding Support Function (BSF), etc. have a Command Line Interface (CLI) which enables operators/users to configure various parameters. Upon entering the CLI, users are presented with a range of commands, including the capability to create a new user. When logged in as a newly created user, the network function, or the node in the existing solutions does not impose any restriction on the commands that can be executed. However, some functionalities may have serious consequences and therefore should not be accessible to all the operators at all levels so as to avoid errors in functionalities that may have serious implications.
[0005] In the existing systems, there is no option for providing limited access of functionalities to different users. In such systems, all the operators are provided access to all functionalities to perform operations on the nodes.
[0006] Thus, there exists an imperative need in the art to provide a method and system for giving access of functions to a user group in a network, which the present disclosure aims to address.
SUMMARY
[0007] This section is provided to introduce certain aspects of the present disclosure in a simplified form that are further described below in the detailed description. This summary is not intended to identify the key features or the scope of the claimed subject matter.

[0008] According to an aspect of the present disclosure, a method for giving access of functions to a user group in a network is disclosed. The method includes selecting, by an administrator user via a processing unit, at a node in the network, one or more subsets of commands. The method further includes creating, by the administrator user via a creator unit, at the node in the network, one or more user groups, wherein at least one user group from the one or more user groups is a creator user group, and wherein each of the one or more user groups is associated with a subset of commands from the one or more subsets of commands and wherein each of the one or more user groups is associated with a unique user group ID. Thereafter, the method further includes saving, at the node in the network via the processing unit, a created groups list comprising details of the one or more user groups. The method further includes adding, by the node in the network via the creator unit, a new user to the creator user group, wherein the adding of the new user requires providing the user group ID associated with the creator user group. Thereafter, the method further comprises adding, by the node at the network via the processing unit, the new user to the creator user group, based on checking that the provided user group ID associated with the creator user group is present in the created groups list and the creator user group is in a logged-in state. Thereafter, the method includes providing, by the node at the network via an interface unit, a list of allowed commands at an interface to the new user, wherein the list of allowed commands is a subset of commands associated with the creator user group.
[0009] In an exemplary aspect of the present disclosure, the administrator user is associated with a superadmin user group, and the superadmin user group has access to a universal set of commands.
[0010] In an exemplary aspect of the present disclosure, the superadmin user group is created upon booting of the node and is associated with a superadmin group ID.

[0011] In an exemplary aspect of the present disclosure, the one or more subsets of commands selected by the administrator user is identified from the universal set of commands.
[0012] In an exemplary aspect of the present disclosure, saving details of the one or more user groups in the created groups list comprises saving for each of the one or more user groups, the corresponding user group ID and the superadmin group ID.
[0013] In an exemplary aspect of the present disclosure, the interface permits the new user to use one or more commands from the subset of commands associated with the creator user group.
[0014] In an exemplary aspect of the present disclosure, the interface displays an error message, in an event the new user uses a command which is not present in the subset of commands associated with the creator user group.
[0015] In an exemplary aspect of the present disclosure, the method further comprises selecting, by the new user, a first subset of commands from the subset of commands associated with the creator user group; creating, by the new user, a first user group associated with the creator user group, wherein the first user group is associated with the first subset of commands, and wherein the first user group is associated with a first user group ID; saving, at the node in the network, details related to the first user group; and updating, at the node in the network, the created groups list by appending the first user group ID associated with the first user group.
[0016] In an exemplary aspect of the present disclosure, saving the details of the first user group comprises saving the first user group ID and the user group ID associated with the creator user group.

[0017] In an exemplary aspect of the present disclosure, the first user group is allowed to be deleted by at least one of the associated creator user group and a superadmin user group.
[0018] In an exemplary aspect of the present disclosure, the first subset of commands associated with the first user group are allowed to be modified and viewed by at least one of the associated creator user groups and a superadmin user group.
[0019] In an exemplary aspect of the present disclosure, the first user group is allowed to display the first subset of commands in an event the first user group is logged in at the node in the network.
[0020] In an exemplary aspect of the present disclosure, the new user is allowed to update the subset of commands associated with the creator user group.
[0021] In an exemplary aspect of the present disclosure, the updated subset of commands is available to a first user group associated with the creator user group in a logged-in state.
[0022] Another aspect of the present disclosure may relate to a system for giving access of functions to a user group in a network. The system comprises a processing unit, a creator unit and an interface unit connected to each other either directly or indirectly. The system comprises the processing unit configured to select, by an administrator user, at a node in the network, one or more subsets of commands. The system further comprises a creator unit configured, to create, by the administrator user, at the node in the network, one or more user groups, wherein at least one user group from the one or more user groups is a creator user group, and wherein each of the one or more user groups is associated with a subset of commands from the one or more subsets of commands and wherein each of the one or more user groups is associated with a unique user group ID. The processing unit is further configured,

to save, at the node in the network, a created groups list comprising details of the one or more user groups. The creator unit is further configured to add, by the node in the network, a new user to the creator user group, wherein the addition of the new user requires providing the user group ID associated with the creator user group. The processing unit is further configured, to add, by the node at the network, the new user to the creator user group, based on checking that the provided user group ID associated with the creator user group is present in the created groups list and the creator user group is in a logged-in state. The system further comprises an interface unit that is configured to provide, by the node at the network, a list of allowed commands at an interface to the new user, wherein the list of allowed commands is a subset of commands associated with the creator user group.
[0023] Yet another aspect of the present disclosure may relate to a non-transitory computer readable storage medium storing instruction for giving access of functions to a user group in a network, the instructions include executable code which, when executed by one or more units of a system, causes: a processing unit of the system to select, by an administrator user, at a node in the network, one or more subsets of commands. Further, the instructions include executable code, which when executed causes a creator unit of the system to create, by an administrator user, at the node in the network, one or more user groups, wherein at least one user group from the one or more user groups is a creator user group, and wherein each of the one or more user groups is associated with a subsets of commands from the one or more subsets of commands and wherein each of the one or more user groups is associated with a unique user group ID. Further, the instructions include executable code, which when executed causes the processing unit of the system to save, at the node in the network, a created groups list comprising details of the one or more user groups. Further, the instructions include executable code, which when executed causes the creator unit of the system to add, by the node in the network, a new user to the creator user group, wherein the addition of the new user requires providing a user group ID associated with the creator user group. Further, the instructions include executable code, which when

executed causes the processing unit of the system to add, by the node at the network, the new user to the creator user group, based on checking that the provided user group ID associated with the creator user group is present in the created groups list and the creator user group is in a logged-in state. Further, the instructions include executable code, which when executed causes an interface unit of the system to provide, by the node at the network, a list of allowed commands at an interface to the new user, wherein the list of allowed commands is a subset of commands associated with the creator user group.
[0024] Yet another aspect of the present disclosure comprises a user equipment (UE). The UE comprising: a transmitter unit, configured to transmit a request to a system of giving access of functions to a user group in a network; and a receiver unit, configured to receive from the system a response to the request, wherein the response comprises an indication of displaying a list of allowed commands at an interface to a new user. The response is generated by the system based on: selecting, by an administrator user via a processing unit, at a node in the network, one or more subsets of commands; creating, by the administrator user via a creator unit, at the node in the network, one or more user groups, wherein at least one user group from the one or more user groups is a creator user group, and wherein each of the one or more user groups is associated with a subset of commands from the one or more subsets of commands and wherein each of the one or more user groups is associated with a unique user group ID; saving, at the node in the network via the processing unit, a created groups list comprising details of the one or more user groups; adding, by the node in the network via the creator unit, the new user to the creator user group, wherein the adding of the new user requires providing a user group ID associated with the creator user group; adding, by the node at the network via the processing unit, the new user to the creator user group, based on checking that the provided user group ID associated with the creator user group is present in the created groups list and the creator user group is in a logged-in state; and providing, by the node at the network via an interface unit, a list of allowed commands at the

interface to the new user, wherein the list of allowed commands is a subset of commands associated with the creator user group.
OBJECTS OF THE INVENTION
5
[0025] Some of the objects of the present disclosure, which at least one embodiment disclosed herein satisfies are listed herein below.
[0026] It is an object of the present disclosure to provide a method and system for
10 giving access of functions to a user group in a network.
[0027] It is another object of the present disclosure to provide a method and system
for giving access of functions to a user group in a network that enables one to limit
access of functionalities to operators who should be given access to specific
15 functionalities only, which also reduces administrative complexity.
[0028] It is yet another object of the present disclosure to provide a method and a
system for giving access of functions to a user group in a network that simplifies
user experience by categorising users into groups based on their specific needs, and
20 presenting only the relevant functionalities reducing the confusion among various
users/operators who may not be required to access all the commands related to a node in the communication system.
DESCRIPTION OF THE DRAWINGS
25
[0029] The accompanying drawings, which are incorporated herein, and constitute a part of this disclosure, illustrate exemplary embodiments of the disclosed methods and systems in which like reference numerals refer to the same parts throughout the different drawings. Components in the drawings are not necessarily to scale,
30 emphasis instead being placed upon clearly illustrating the principles of the present
disclosure. Also, the embodiments shown in the figures are not to be construed as
9

limiting the disclosure, but the possible variants of the method and system
according to the disclosure are illustrated herein to highlight the advantages of the
disclosure. It will be appreciated by those skilled in the art that disclosure of such
drawings includes disclosure of electrical components or circuitry commonly used
5 to implement such components.
[0030] FIG. 1 illustrates an exemplary block diagram representation of 5th generation core (5GC) network architecture.
10 [0031] FIG. 2 illustrates an exemplary block diagram of a computing device upon
which the features of the present disclosure may be implemented in accordance with exemplary implementation of the present disclosure.
[0032] FIG. 3 illustrates an exemplary block diagram of a system for giving access
15 of functions to a user group in a network in accordance with exemplary
implementations of the present disclosure.
[0033] FIG. 4 illustrates a flow diagram of a method for giving access of functions
to a user group in a network in accordance with exemplary implementations of the
20 present disclosure.
[0034] FIG. 5 illustrates an exemplary block diagram of a network system for
giving access of functions to a user group in a network in accordance with
exemplary implementations of the present disclosure.
25
[0035] FIG. 6 illustrates a process flow diagram of a method for prior user
management usage.
[0036] FIG. 7 illustrates a flow diagram of a method for user management usage
30 for giving access of functions to a user group in a network in accordance with
exemplary implementations of the present disclosure.
10

[0037] FIG. 8 illustrates a process flow diagram of a method for giving access of functions to a user group in a network in accordance with exemplary implementations of the present disclosure.
5 [0038] The foregoing shall be more apparent from the following more detailed
description of the disclosure.
DETAILED DESCRIPTION
10 [0039] In the following description, for the purposes of explanation, various
specific details are set forth in order to provide a thorough understanding of embodiments of the present disclosure. It will be apparent, however, that embodiments of the present disclosure may be practiced without these specific details. Several features described hereafter may each be used independently of one
15 another or with any combination of other features. An individual feature may not
address any of the problems discussed above or might address only some of the problems discussed above.
[0040] The ensuing description provides exemplary embodiments only, and is not
20 intended to limit the scope, applicability, or configuration of the disclosure. Rather,
the ensuing description of the exemplary embodiments will provide those skilled in
the art with an enabling description for implementing an exemplary embodiment.
It should be understood that various changes may be made in the function and
arrangement of elements without departing from the spirit and scope of the
25 disclosure as set forth.
[0041] Specific details are given in the following description to provide a thorough
understanding of the embodiments. However, it will be understood by one of
ordinary skill in the art that the embodiments may be practiced without these
30 specific details. For example, circuits, systems, processes, and other components
11

may be shown as components in block diagram form in order not to obscure the embodiments in unnecessary detail.
[0042] Also, it is noted that individual embodiments may be described as a process
5 which is depicted as a flowchart, a flow diagram, a data flow diagram, a structure
diagram, or a block diagram. Although a flowchart may describe the operations as
a sequential process, many of the operations may be performed in parallel or
concurrently. In addition, the order of the operations may be re-arranged. A process
is terminated when its operations are completed but could have additional steps not
10 included in a figure.
[0043] The word “exemplary” and/or “demonstrative” is used herein to mean serving as an example, instance, or illustration. For the avoidance of doubt, the subject matter disclosed herein is not limited by such examples. In addition, any
15 aspect or design described herein as “exemplary” and/or “demonstrative” is not
necessarily to be construed as preferred or advantageous over other aspects or designs, nor is it meant to preclude equivalent exemplary structures and techniques known to those of ordinary skill in the art. Furthermore, to the extent that the terms “includes,” “has,” “contains,” and other similar words are used in either the detailed
20 description or the claims, such terms are intended to be inclusive—in a manner
similar to the term “comprising” as an open transition word—without precluding any additional or other elements.
[0044] As used herein, a “processing unit” or “processor” or “operating processor”
25 includes one or more processors, wherein processor refers to any logic circuitry for
processing instructions. A processor may be a general-purpose processor, a special
purpose processor, a conventional processor, a digital signal processor, a plurality
of microprocessors, one or more microprocessors in association with a (Digital
Signal Processing) DSP core, a controller, a microcontroller, Application Specific
30 Integrated Circuits, Field Programmable Gate Array circuits, any other type of
integrated circuits, etc. The processor may perform signal coding data processing,
12

input/output processing, and/or any other functionality that enables the working of the system according to the present disclosure. More specifically, the processor or processing unit is a hardware processor.
5 [0045] As used herein, “a user equipment”, “a user device”, “a smart-user-device”,
“a smart-device”, “an electronic device”, “a mobile device”, “a handheld device”, “a wireless communication device”, “a mobile communication device”, “a communication device” may be any electrical, electronic, and/or computing device or equipment, capable of implementing the features of the present disclosure. The
10 user equipment/device may include, but is not limited to, a mobile phone, smart
phone, laptop, a general-purpose computer, desktop, personal digital assistant, tablet computer, wearable device or any other computing device which is capable of implementing the one or more features of the present disclosure. Also, the user device may contain at least one input means configured to receive an input from
15 unit(s) which are required to implement the one or more features of the present
disclosure.
[0046] As used herein, “storage unit” or “memory unit” refers to a machine or computer-readable medium including any mechanism for storing information in a
20 form readable by a computer or similar machine. For example, a computer-readable
medium includes read-only memory (“ROM”), random access memory (“RAM”), magnetic disk storage media, optical storage media, flash memory devices or other types of machine-accessible storage media. The storage unit stores at least the data that may be required by one or more units of the system to perform their respective
25 functions.
[0047] As used herein “interface” or “user interface” refers to a shared boundary
across which two or more separate components of a system exchange information
or data. The interface may also be referred to a set of rules or protocols that define
30 communication or interaction of one or more modules or one or more units with
13

each other, which also includes the methods, functions, or procedures that may be called.
[0048] All modules, units, components used herein, unless explicitly excluded
5 herein, may be software modules or hardware processors, the processors being a
general-purpose processor, a special purpose processor, a conventional processor,
a digital signal processor (DSP), a plurality of microprocessors, one or more
microprocessors in association with a DSP core, a controller, a microcontroller,
Application Specific Integrated Circuits (ASIC), Field Programmable Gate Array
10 circuits (FPGA), any other type of integrated circuits, etc.
[0049] As used herein the transceiver unit include at least one receiver and at least
one transmitter configured respectively for receiving and transmitting data, signals,
information, or a combination thereof between units/components within the system
15 and/or connected with the system.
[0050] As used herein, giving access of functions to a user group refers to providing access or allowing to perform one or more tasks or run one or more commands on a network node. The network node may be related to such as, but not limited to, 5G
20 network and other than 5G network (e.g., 6G network). The network node may be
such as, but not limited to, network repository function (NRF) and charging function (CHF). The user group or authorised user group may be created by a network administrator to perform one or more tasks or run one or more commands. User groups are a collection of users who perform a similar task. A User
25 Group allows a set of users to share common settings, such as type of access to
network nodes, connection authentication mode, access control to one or more commands, and so on. The network administrator may also define allowed one or more subsets of commands for the user group for running at the network node in the network. Further, a member or a user of the user group may create another user
30 group. The another user group created may have same one or more subsets of
14

commands as the creator group or be allowed another subset of command by the member of creator group.
[0051] As used herein, superadmin user group refers to a group in the network with
5 access to all commands for the network nodes. Th superadmin user group may have
only one administrator user, which may be referred to as network function admin
(nfadmin). The superadmin user group may create one or more user groups in the
network and provide the allowed one or more subsets of commands to the created
user groups to be used at the network nodes in the network.
10
[0052] As used herein, logged-in state refers to a state when the user is
authenticated and connected to the network. The user may perform service or
operations associated tasks or commands in the network.
15 [0053] As discussed in the background section, the current known solutions have
several shortcomings, such as there is no option for providing limited access of functionalities to different users. In such systems, all the operators are provided access to all functionalities to perform operations on the nodes. This may have serious consequences. This invention aims to prevent unapproved access from
20 Command Line Interface (CLI) users who are assigned to perform specific tasks,
such as monitoring and managing Network Functions (CHF/PCF/NRF/BSF) in a production environment. The CLI encompasses several critical commands that can significantly impact the functionality of Network Functions, hence, not all commands should be accessible to every CLI user. However, certain users require
25 varying degrees of command authority compared to others. That is why the need
for user groups has arisen, and this solution addresses how user groups access each other and prevents the creation of groups with superior authority or the creation of new users within their own group, blocking unauthorized control over Network Functions. The present disclosure aims to overcome the above-mentioned and other
30 existing problems in this field of technology by providing method and system of
giving access of functions to a user group in a network.
15

[0054] Hereinafter, exemplary embodiments of the present disclosure will be described with reference to the accompanying drawings.
[0055] FIG. 1 illustrates an exemplary block diagram representation of 5th
5 generation core (5GC) network architecture, in accordance with exemplary
implementation of the present disclosure. As shown in FIG. 1, the 5GC network architecture [100] includes a user equipment (UE) [102], a radio access network (RAN) [104], an access and mobility management function (AMF) [106], a Session Management Function (SMF) [108], a Service Communication Proxy (SCP) [110],
10 an Authentication Server Function (AUSF) [112], a Network Slice Specific
Authentication and Authorization Function (NSSAAF) [114], a Network Slice Selection Function (NSSF) [116], a Network Exposure Function (NEF) [118], a Network Repository Function (NRF) [120], a Policy Control Function (PCF) [122], a Unified Data Management (UDM) [124], an application function (AF) [126], a
15 User Plane Function (UPF) [128], a data network (DN) [130] a charging function
(CHF) [132], a binding support function (BSF) [134], wherein all the components are assumed to be connected to each other in a manner as obvious to the person skilled in the art for implementing features of the present disclosure.
20 [0056] Radio Access Network (RAN) [104] is the part of a mobile
telecommunications system that connects user equipment (UE) [102] to the core network (CN) and provides access to different types of networks (e.g., 5G network). It consists of radio base stations and the radio access technologies that enable wireless communication.
25
[0057] Access and Mobility Management Function (AMF) [106] is a 5G core network function responsible for managing access and mobility aspects, such as UE registration, connection, and reachability. It also handles mobility management procedures like handovers and paging.
30
16

[0058] Session Management Function (SMF) [108] is a 5G core network function responsible for managing session-related aspects, such as establishing, modifying, and releasing sessions. It coordinates with the User Plane Function (UPF) for data forwarding and handles IP address allocation and QoS enforcement. 5
[0059] Service Communication Proxy (SCP) [110] is a network function in the 5G core network that facilitates communication between other network functions by providing a secure and efficient messaging service. It acts as a mediator for service-based interfaces. 10
[0060] Authentication Server Function (AUSF) [112] is a network function in the 5G core responsible for authenticating UEs during registration and providing security services. It generates and verifies authentication vectors and tokens.
15 [0061] Network Slice Specific Authentication and Authorization Function
(NSSAAF) [114] is a network function that provides authentication and authorization services specific to network slices. It ensures that UEs can access only the slices for which they are authorized.
20 [0062] Network Slice Selection Function (NSSF) [116] is a network function
responsible for selecting the appropriate network slice for a UE based on factors such as subscription, requested services, and network policies.
[0063] Network Exposure Function (NEF) [118] is a network function that
25 exposes capabilities and services of the 5G network to external applications,
enabling integration with third-party services and applications.
[0064] Network Repository Function (NRF) [120] is a network function that acts
as a central repository for information about available network functions and
30 services. It facilitates the discovery and dynamic registration of network functions.
17

[0065] Policy Control Function (PCF) [122] is a network function responsible for policy control decisions, such as QoS, charging, and access control, based on subscriber information and network policies.
5 [0066] Unified Data Management (UDM) [124] is a network function that
centralizes the management of subscriber data, including authentication, authorization, and subscription information.
[0067] Application Function (AF) [126] is a network function that represents
10 external applications interfacing with the 5G core network to access network
capabilities and services.
[0068] User Plane Function (UPF) [128] is a network function responsible for
handling user data traffic, including packet routing, forwarding, and QoS
15 enforcement.
[0069] Data Network (DN) [130] refers to a network that provides data services to user equipment (UE) in a telecommunications system. The data services may include but are not limited to Internet services, private data network related services. 20
[0070] Charging Function (CHF) [132] is performed to complete the billing or charging function for services used by the user or customer
[0071] Binding Support Function (BSF) [134] may assist for a PDU session
25 binding functionality, creating various binding records and route to the appropriate
policy control function for registering new user device data session.
[0072] FIG. 2 illustrates an exemplary block diagram of a computing device [200]
(also used herein as a computer system [200]) upon which the features of the present
30 disclosure may be implemented in accordance with exemplary implementation of
the present disclosure. In an implementation, the computing device [200] may also
18

implement a method for a system and method of giving access of functions to a user
group in a network utilising the system as disclosed in the present disclosure. In
another implementation, the computing device [200] itself implements the method
of giving access of functions to a user group in a network using one or more units
5 configured within the computing device [200], wherein said one or more units are
capable of implementing the features as disclosed in the present disclosure.
[0073] The computing device [200] may include a bus [202] or other communication mechanism for communicating information, and a hardware
10 processor [204] coupled with bus [202] for processing information. The hardware
processor [204] may be, for example, a general-purpose microprocessor. The computing device [200] may also include a main memory [206], such as a random-access memory (RAM), or other dynamic storage device, coupled to the bus [202] for storing information and instructions to be executed by the processor [204]. The
15 main memory [206] also may be used for storing temporary variables or other
intermediate information during execution of the instructions to be executed by the processor [204]. Such instructions, when stored in non-transitory storage media accessible to the processor [204], render the computing device [200] into a special-purpose machine that is customized to perform the operations specified in the
20 instructions. The computing device [200] further includes a read only memory
(ROM) [208] or other static storage device coupled to the bus [202] for storing static information and instructions for the processor [204].
[0074] A storage device [210], such as a magnetic disk, optical disk, or solid-state
25 drive is provided and coupled to the bus [202] for storing information and
instructions. The computing device [200] may be coupled via the bus [202] to a
display [212], such as a cathode ray tube (CRT), Liquid crystal Display (LCD),
Light Emitting Diode (LED) display, Organic LED (OLED) display, etc. for
displaying information to a computer user. An input device [214], including
30 alphanumeric and other keys, touch screen input means, etc. may be coupled to the
bus [202] for communicating information and command selections to the processor
19

[204]. Another type of user input device may be a cursor controller [216], such as
a mouse, a trackball, or cursor direction keys, for communicating direction
information and command selections to the processor [204], and for controlling
cursor movement on the display [212]. The input device typically has two degrees
5 of freedom in two axes, a first axis (e.g., x) and a second axis (e.g., y), that allow
the device to specify positions in a plane.
[0075] The computing device [200] may implement the techniques described herein using customized hard-wired logic, one or more ASICs or FPGAs, firmware,
10 and/or program logic which in combination with the computing device [200] causes
or programs the computing device [200] to be a special-purpose machine. According to one implementation, the techniques herein are performed by the computing device [200] in response to the processor [204] executing one or more sequences of one or more instructions contained in the main memory [206]. Such
15 instructions may be read into the main memory [206] from another storage medium,
such as the storage device [210]. Execution of the sequences of instructions contained in the main memory [206] causes the processor [204] to perform the process steps described herein. In alternative implementations of the present disclosure, hard-wired circuitry may be used in place of or in combination with
20 software instructions.
[0076] The computing device [200] also may include a communication interface [218] coupled to the bus [202]. The communication interface [218] provides a two-way data communication coupling to a network link [220] that is connected to a
25 local network [222]. For example, the communication interface [218] may be an
integrated services digital network (ISDN) card, cable modem, satellite modem, or a modem to provide a data communication connection to a corresponding type of telephone line. As another example, the communication interface [218] may be a local area network (LAN) card to provide a data communication connection to a
30 compatible LAN. Wireless links may also be implemented. In any such
implementation, the communication interface [218] sends and receives electrical,
20

electromagnetic, or optical signals that carry digital data streams representing various types of information.
[0077] The computing device [200] can send messages and receive data, including
5 program code, through the network(s), the network link [220] and the
communication interface [218]. In the Internet example, a server [230] might
transmit a requested code for an application program through the Internet [228], the
ISP [226], the local network [222], host [224] and the communication interface
[218]. The received code may be executed by the processor [204] as it is received,
10 and/or stored in the storage device [210], or other non-volatile storage for later
execution.
[0078] Referring to FIG. 3, an exemplary block diagram of a system [300] for giving access of functions to a user group in a network is shown, in accordance with
15 the exemplary implementations of the present disclosure. As shown in FIG. 3, the
system [300] includes at least one processing unit [302], at least one creator unit [304], and at least one interface unit [306]. Also, all of the components/ units of the system [300] are assumed to be connected to each other unless otherwise indicated below. Also, in FIG. 3 only a few units are shown, however, the system [300] may
20 comprise multiple such units or the system [300] may comprise any such numbers
of said units, as required to implement the features of the present disclosure. Further, in an implementation, the system [300] may be in communication with the user device (may also referred herein as a user equipment or UE). In another implementation, the system [300] may reside in a server or a network entity.
25
[0079] The system [300] is configured for giving access of functions to a user group in a network, with the help of the interconnection between the components/units of the system [300]. In an exemplary aspect, the system [300] may provide access to network nodes such as, but not limited to, Charging Function (CHF) [132], Policy
30 Control Function (PCF) [122], Network Repository Function (NRF) [120], Binding
Support Function (BSF) [134] to the user groups. The system [300] provides the
21

allowable list of commands for using at the network nodes via an interface such as, not limited to, user interface and Command Line Interface (CLI) to the authorised user group for the use.
5 [0080] More specifically, the system [300] comprises the processing unit [302],
which is configured to select, by an administrator user, at a node in the network, one or more subsets of commands. The administrator user may select one or more subsets of commands, such as, but not limited to, open command, execution command, create command, run command, next level access command, monitoring
10 command, advance-tuning command, advance-tuning overload-control command,
advance-tuning async-threading threading-config command, rest-endpoint interface command, debug command, testing command and converged charging command. It is to be noted that the above commands are for illustrative purposes only and in no way restrict the scope of the present disclosure. As used herein, the
15 administrator user is associated with a superadmin user group and the superadmin
user group has access to a universal set of commands. Further, the superadmin user group is created upon booting of the node and is associated with a superadmin group ID. The one or more subsets of commands selected by the administrator user is identified from the universal set of commands. In an exemplary aspect, the node
20 may be such as, but not limited to, Charging Function (CHF) [132], Policy Control
Function (PCF) [122], Network Repository Function (NRF) [120], Binding Support Function (BSF) [134]. In an exemplary aspect, the one or more subsets of commands may be associated with one or more nodes of a network, such as, but not limited to, Charging Function (CHF) [132], Policy Control Function (PCF) [122],
25 Network Repository Function (NRF) [120], Binding Support Function (BSF) [134]
of a 5G network. The one or more subsets of commands may be one of an open command, execution command, create command, run command, next level access command, and monitoring command etc, that are required to be executed at the one or more nodes to perform one or more operations in the network. In an exemplary
30 aspect, the one or more subsets of commands may be associated with one or more
nodes of a network other than 5G network, and a person skilled in the art would
22

appreciate that the features of the present disclosure may be implemented on such other network.
[0081] In an implementation, the universal set of commands may include all
5 commands related to all nodes in the network. Further, the subset of commands are
one or more commands which may be specific for one or more nodes.
[0082] In an exemplary aspect, in order to give access of functions to specific user groups, the processing unit [302] of the system [300] is configured to create the
10 superadmin user group with superadmin group ID and with access to all commands,
upon booting a network function or the node in the network. In an implementation this superadmin group has only one administrator user/ operator. This operator may be referred herein as ‘nfadmin’ (network function admin). Consider an example, a superadmin user group ‘SA’ is created with an administrator user ‘nfadmin’. The
15 ‘SA’ superadmin user group may be associated with a group ID ‘GID SA’.
[0083] The system further comprises a creator unit [304], which is configured, to create, by the administrator user, at the node in the network, one or more user groups, wherein at least one user group from the one or more user groups is a creator
20 user group, and wherein each of the one or more user groups is associated with a
subset of commands from the one or more subsets of commands and wherein each of the one or more user groups is associated with a unique user group ID. Each user group is associated with unique user group identity (ID) to identity each user group. The creator unit [304] of the system [300] may communicatively be attached with
25 the processing unit [302]. In an operation, the creator unit [304] may create at the
node (e.g., PCF [122] and NRF [120]), in the network, by the administrator user, the one or more user groups. The administrator user ‘nfadmin’ will create a new user group with a non-duplicate user group ID after selecting the commands that should be allowed to the new group, CLI will send provisioning request for these
30 commands. This ‘nfadmin’ has access to all commands, but if a different group's
user is creating a new group, the new group can only have commands that its creator
23

group has access to. If these conditions are met, a new group will be created. For
example, the ‘nfadmin’ user of the superadmin group ‘SA’ creates four user groups
such as ‘A’, ‘B’, ‘C’ and ‘D’. Further each user group may be a creator user group
and may create further one or more user groups. In this example, user group ‘B’
5 may be a creator user group and may create user group ‘BA’ and user group ‘BB’.
The created user groups ‘BA’ and ‘BB’ may have access of all commands of its
creator user group ‘B’. In an exemplary aspect, if a creator group has access for a
user group management, then any user of that creator group can create a new user
group. The user group management may mange access and authorization of all users
10 of user group(s).
[0084] In an exemplary implementation of the present disclosure, the administrator user ‘nfadmin’ may create one or more user groups associated with a corresponding unique ID and an accessible or allowable subset of commands for the created
15 groups. For example, the administrator user may create user group ID such as ‘GID
A’ associated with the user group ‘A’ that is further associated with one or more subsets of commands such as open command, execution command, advance-tuning command, advance-tuning overload-control command, advance-tuning async-threading threading-config command, rest-endpoint interface command and debug
20 command. Further, the administrator user may create user group ID such as ‘GID
B’ for the user group B associated with a subset of commands such as open command, execution command, create command, run command, next level access command, monitoring command, advance-tuning command, advance-tuning overload-control command, advance-tuning async-threading threading-config
25 command, rest-endpoint interface command, debug command, testing command
and converged charging command. The user(s) of user group ‘A’ may access and execute command(s), which are allocated to the group ‘A’. Similarly, the user(s) of user group ‘B’ may access and execute command(s), which are allocated for the group ‘B’.
30
24

[0085] The processing unit [302], is further configured, to save, at the node in the
network, a created groups list comprising details of the one or more user groups.
The processing unit [302] of the system may save at the node (e.g., PCF [122] and
NRF [120]) in the network the created groups list comprising details of the one or
5 more user groups. In an exemplary aspect, saving details of the one or more user
groups in the created groups list comprises saving for each of the one or more user groups, the corresponding user group ID and the superadmin group ID. Further, in an implementation, the processing unit [302] is configured to save user group details comprising the corresponding user group identity, and superadmin group
10 identity in a storage unit. This list may be updated over time as new groups may be
created or updated. For example, the processing unit [302] may store at a node such as, but not limited to, PCF [122], the user group details. For example, the created group list may comprise one creator group and its associated one or more user groups. Each creator group and/or each user group may be associated with a
15 superadmin group. Continuing with the previous example, the created group list
may comprise, entries as follows:
(User group, User Group ID, Creator User Group ID)
1. A, GID A, GID SA
2. B, GID B, GID SA 20 3. C, GID C, GID SA

4. D, GID D, GID SA
5. BA, GID BA, GID B
6. BB, GID BB, GID B
25 [0086] The creator unit [304], is further configured, to add, by the node in the
network, of a new user to the creator user group, wherein the adding of the new user requires providing a user group ID associated with the creator user group. In an operation for adding the new user, the user group ID associated with the creator user group is required. After receiving the correct user group ID associated with the
30 creator user group, the new user may be added to the creator user group. For
example, creator unit [304] may add at the node such as, BSF [134], a new user,
25

such as user having identity ‘UID 1’ will be added to creator user group ‘B’ after receiving the correct user group ID such as ‘GID B’ associated with the creator user group ‘B’.
5 [0087] The processing unit [302], is further configured, to add, by the node at the
network, the new user to the creator user group, based on checking that the provided user group ID associated with the creator user group is present in the created groups list and the creator user group is in a logged-in state. In an operation, after successful authentication of user group ID associated with the creator user group and after
10 determining that the creator user group is in logged-in state, the processing unit
[302] may add at the node such as, but not limited to, PCF [122] and BSF [134] the new user to the creator user group. In an example, the new user ‘UID 1’ added to the creator user group ‘B’, will have access to all commands, which are allowed within the creator user group ‘B’.
15
[0088] The system further comprises the interface unit [306] configured to provide, by the node at the network, a list of allowed commands at an interface to the new user, wherein the list of allowed commands is the subset of commands associated with the creator user group. The interface unit [306] of the system [300] is
20 communicatively attached to the processing unit [302] and the creator unit [304].
The interface unit [306] may provide, by the node (e.g., PCF [122] and NRF [120]) at the network, the list of allowed commands, such as access, open, execution commands at the interface, such as, Command Line Interface (CLI) to the new user ‘UID 1’. In an implementation, the list of allowed commands is the subset of
25 commands associated with the creator user group ‘B’. The CLI permits the new
user to use commands from the subset of commands associated with the creator user group. Further, the CLI displays an error message, in an event the new user uses a command which is not present in the subset of commands associated with the creator user group. Whenever, the new user ‘UID 1’ accesses or runs any
30 unauthorized commands, that is the commands which are not allowed to the creator
user group ‘B’, then the CLI may display an error message and if the user ‘UID 1’
26

performs such activity repeatedly, the system [300] may suspend the user’s access on the CLI.
[0089] In an exemplary aspect, the processing unit [302] is further configured, to
5 select, by the new user, a first subset of commands from the subset of commands
associated with the creator user group. Further, the creator unit [304] is configured, to create, by the new user, a first user group associated with the creator user group, wherein the first user group is associated with the first subset of commands, and wherein the first user group is associated with a first user group ID. In an exemplary
10 aspect, the first subset of commands associated with the first user group are allowed
to be modified and viewed by at least one of the associated creator user groups and a superadmin user group. In an implementation, the first user group is associated with the first subset of commands, and wherein the first user group has a first user group ID. For example, the new user such as ‘UID 1’ may create a user group BA
15 having ID ‘GID BA’. The user group ‘BA’ may be allowed commands, which are
accessible by the user ‘UID 1’.
[0090] In an aspect, the first user group is allowed to display the first subset of commands in an event the first user group is logged in at the node in the network.
20 Further, the new user is allowed to update the set of commands associated with the
creator user group. The updated subset of commands is available to a first user group associated with the creator user group in a logged-in state. In an example, whenever user ‘UID 1’ updates the subset of commands, the updated commands may also be accessible by the user group ‘BA’.
25
[0091] The processing unit [302] is further configured to save, at the node in the network, details related to the first user group; and update, at the node in the network, the created groups list by appending the first user group ID associated with the first user group. In an aspect, saving the details of the first user group comprises
30 saving the first user group ID and the user group ID associated with the creator user
group. The first user group is allowed to be deleted by at least one of the associated
27

creator user groups and the superadmin user group. For example, the processing
unit [302] may save at the node(s) such as, not limited to, PCF [122], BSF [134],
CHF [132] and/or NRF [120] details related to the first user group such as ‘BA’,
associated with the creator group ‘B’ and creator user ‘UID 1’. The processing unit
5 [302] may update the created group list with group ID, whenever a further group is
added to the node in the network. Further, in an operation, the user group ‘BA’ may be deleted by the user group ‘B’ and the superadmin user group ‘SA’.
[0092] Further, in accordance with the present disclosure, it is to be acknowledged
10 that the functionality described for the various components/units can be
implemented interchangeably. While specific embodiments may disclose a
particular functionality of these units for clarity, it is recognized that various
configurations and combinations thereof are within the scope of the disclosure. The
functionality of specific units as disclosed in the disclosure should not be construed
15 as limiting the scope of the present disclosure. Consequently, alternative
arrangements and substitutions of units, provided they achieve the intended functionality described herein, are considered to be encompassed within the scope of the present disclosure.
20 [0093] Referring to FIG. 4, an exemplary method flow diagram [400] for giving
access of functions to a user group in a network in accordance with exemplary implementations of the present disclosure is shown. In an implementation the method [400] is performed by the system [300]. Further, in an implementation, the system [300] may be present in a server device to implement the features of the
25 present disclosure. Also, as shown in FIG. 4, the method [400] starts at step [402].
[0094] At step [404], the method [400] implemented by the present disclosure
comprises selecting, by an administrator user via a processing unit [302], at a node
in the network, one or more subsets of commands. The method [400] implemented
30 by the processing unit [302] of the system [300] may allow the administrator user
to select one or more subsets of commands, such as, but not limited to, open
28

command, execution command, create command, run command, next level access
command, monitoring command, etc. As used herein, the administrator user is
associated with a superadmin user group and the superadmin user group has access
to a universal set of commands. Further, the superadmin user group is created upon
5 booting of the node and is associated with a superadmin group ID. The one or more
subsets of commands selected by the administrator user is identified from the universal set of commands. In an exemplary aspect, the node may be such as, but not limited to, Charging Function (CHF) [132], Policy Control Function (PCF) [122], Network Repository Function (NRF) [120], Binding Support Function (BSF)
10 [134]. In an exemplary aspect, the one or more subsets of commands may be
associated with one or more nodes of a network, such as, but not limited to, Charging Function (CHF) [132], Policy Control Function (PCF) [122], Network Repository Function (NRF) [120], Binding Support Function (BSF) [134] of a 5G network. The one or more subsets of commands may be one of an open command,
15 execution command, create command, run command, next level access command,
monitoring command, advance-tuning command, advance-tuning overload-control command, advance-tuning async-threading threading-config command, rest-endpoint interface command, debug command, testing command and converged charging command etc, that are required to be executed at the one or more nodes to
20 perform one or more operations in the network. In an exemplary aspect, the one or
more subsets of commands may be associated with one or more nodes of a network other than 5G network, and a person skilled in the art would appreciate that the features of the present disclosure may be implemented on such other network.
25 [0095] In an implementation, the universal set of commands may include all
commands related to all nodes in the network. In such a case, subset of commands are one or more commands for one or more nodes. In another implementation the universal set of commands may include all commands related to one or more nodes. In such a case, the subset of commands includes one or more commands for one or
30 more specific nodes from these and not all the commands. For example, universal
set of commands may include such as, but not limited to, open command, execution
29

command, create command, delete command, run command, next level access
command, monitoring command advance-tuning command, advance-tuning
overload-control command, advance-tuning async-threading threading-config
command, rest-endpoint interface command, debug command, testing command
5 and converged charging command.
[0096] In an exemplary aspect, in order to give access of functions to specific user
groups, the processing unit [302] of the system [300] is configured to create the
superadmin user group with superadmin group ID and with access to all commands,
10 upon booting a network function or the node in the network. In an implementation
this superadmin group has only one administrator user/ operator. This operator may
be referred herein as ‘nfadmin’ (network function admin). Consider an example, a
superadmin user group ‘SA’ is created with an administrator user ‘nfadmin’. The
‘SA’ superadmin user group may be associated with a group ID ‘GID SA’.
15
[0097] At step [406], the method [400] implemented by the present disclosure
comprises creating, by an administrator user via a creator unit [304], at the node in
the network, one or more user groups, wherein at least one user group from the one
or more user groups is a creator user group, and wherein each of the one or more
20 user groups is associated with a subset of commands from the one or more subsets
of commands and wherein each of the one or more user groups is associated with a unique user group ID. The creator unit [304] of the system [300] may communicatively be attached to the processing unit [302]. In an operation, the creator unit [304] may create at the node (e.g., PCF [122] and NRF [120]), in the
25 network, by the administrator user, the one or more user groups.
[0098] The administrator user ‘nfadmin’ will create a new user group with a non-
duplicate user group Id after selecting the commands that should be allowed to the
new group, CLI will send provisioning request for these commands. This ‘nfadmin’
30 has access to all commands, but if a different group's user is creating a new group,
the new group can only have commands that its creator group has access to. If these conditions are met, a new group will be created. For example, the ‘nfadmin’ user
30

of the superadmin group ‘SA’ creates four user groups such as ‘A’, ‘B’, ‘C’ and
‘D’. Further each user group may be a creator user group and may create further
one or more user groups. In this example, user group ‘B’ may be a creator user
group and may create user group ‘BA’ and user group ‘BB’. The created user
5 groups ‘BA’ and ‘BB’ may have access of all commands of its creator user group
‘B’. In an exemplary aspect, if a creator group has access for a user group management, then any user of that creator group can create a new user group. The user group management may mange access and authorization of all users of user group(s). 10
[0099] In an exemplary implementation of the present disclosure, the administrator
user ‘nfadmin’ may create one or more user groups associated with a corresponding
unique ID and an accessible or allowable subset of commands for the created
groups. Each user group is associated with unique user group identity (ID) to
15 identity each user group. For example, the administrator user may create user group
ID such as ‘GID A’ associated with the user group ‘A’ that is further associated
with one or more subsets of commands such as open command, execution
command, advance-tuning command, advance-tuning overload-control command,
advance-tuning async-threading threading-config command, rest-endpoint
20 interface command and debug command. Further, the administrator user may create
user group ID such as ‘GID B’ for the user group ‘B’ associated with a subset of
commands such as open command, execution command, create command, run
command, next level access command, monitoring command, advance-tuning
command, advance-tuning overload-control command, advance-tuning async-
25 threading threading-config command, rest-endpoint interface command, debug
command, testing command and converged charging command. The user(s) of user
group ‘A’ may access and execute command(s), which are allocated to the group
‘A’. Similarly, the user(s) of user group ‘B’ may access and execute command(s),
which are allocated for the group ‘B’.
30
31

[0100] At step [408], the method [400] implemented by the present disclosure
comprises saving, at the node in the network via the processing unit [302], a created
groups list comprising details of the one or more user groups. The method [400]
implemented by the processing unit [302] of the system [300] may save at the node
5 (e.g., PCF [122] and NRF [120]) in the network the created groups list comprising
details of the one or more user groups. In an exemplary aspect, saving details of the one or more user groups in the created groups list comprises saving for each of the one or more user groups, the corresponding user group ID and the superadmin group ID. Further, in an implementation, the processing unit [302] is configured to save
10 user group details comprising the corresponding user group identity, and
superadmin group identity in a storage unit. This list may be updated over time as new groups may be created or updated. For example, the processing unit [302] may store at a node such as, but not limited to, PCF [122], user group details. For example, the creator group list may comprise one creator group and its associated
15 one or more user groups. Each creator group and/or each user group may be
associated with a superadmin group. Continuing with the previous example, the creator group list may comprise, entries as follows:
(User group, User Group ID, Creator User Group ID) 1. A, GID A, GID SA
20 2. B, GID B, GID SA
3. C, GID C, GID SA
4. D, GID D, GID SA
5. BA, GID BA, GID B
6. BB, GID BB, GID B 25
[0101] At step [410], the method [400] implemented by the present disclosure
comprises adding, by the node in the network via the creator unit [304], of a new
user to the creator user group, wherein the adding of the new user requires providing
a user group ID associated with the creator user group. In an operation for adding
30 the new user, the user group ID associated with the creator user group is required.
After receiving the correct user group ID associated with the creator user group, the
32

new user may be added to the creator user group. For example, creator unit [304] may add at the node such as, BSF [134], a new user, such as user having identity ‘UID 1’ will be added to creator user group ‘B’ after receiving the correct user group ID such as ‘GID B’ associated with the creator user group ‘B’. 5
[0102] At step [412], the method [400] implemented by the present disclosure comprises adding, by the node at the network via the processing unit [302], the new user to the creator user group, based on checking that the provided user group ID associated with the creator user group is present in the created groups list and the
10 creator user group is in a logged-in state. In an operation, after successful
authentication of user group ID associated with the creator user group and after determining that the creator user group in logged-in state, the processing unit [302] may add at the node such as, but not limited to, PCF [122] and BSF [134] the new user to the creator user group. In an example, the new user ‘UID 1’ added to the
15 creator user group ‘B’ will have access to all commands, which are allowed within
the creator user group ‘B’.
[0103] At step [414], the method [400] implemented by the present disclosure comprises providing, by the node at the network via an interface unit [306], a list
20 of allowed commands at an interface to the new user, wherein the list of allowed
commands is the subset of commands associated with the creator user group. The method [400] implemented by the interface unit [306] of the system [300] may provide, by the node (e.g., PCF [122] and NRF [120]) at the network, the list of allowed commands, such as access, open, execution commands at the interface,
25 such as, but not limited to, command line interface (CLI) and user interface (UI) to
the new user. The list of allowed commands is the subset of commands associated with the creator user group. Upon successful authentication of the new user, the list of allowed commands at the CLI may provide to the new user. In an implementation, in an event the new user tries to use/give commands which the user
30 is not authorised for, an error message may be displayed to the new user via the CLI
or user interface, indicating an unauthorised access. Whenever, the new user ‘UID
33

1’ accesses or runs any unauthorized commands, that is the commands which are not allowed to the creator user group ‘B’, then the CLI may display an error message and if the user ‘UID 1’ performs such activity repeatedly, the method [400] may suspend user access on the CLI. 5
[0104] In an implementation, the list of allowed commands is the subset of
commands associated with the creator user group. The CLI permits the new user to
use commands from the subset of commands associated with the creator user group.
Further, the CLI displays an error message, in an event the new user uses a
10 command which is not present in the subset of commands associated with the
creator user group.
[0105] In an exemplary aspect, the processing unit [302] further comprises, selecting, by the new user, a first subset of commands from the subset of commands
15 associated with the creator user group; creating, by the new user, a first user group
associated with the creator user group, wherein the first user group is associated with the first subset of commands, and wherein the first user group is associated with a first user group ID. The method [400] further implemented by the processing unit [302] may select, by the new user, the first subset of commands from the subset
20 of commands associated with the creator user group. In an aspect, the first subset
of commands associated with the first user group are allowed to be modified and viewed by at least one of the associated creator user groups and the superadmin user group. In an implementation, the first user group is associated with the first subset of commands, and wherein the first user group has a first user group ID. For
25 example, the new user such as ‘UID 1’ may create a user group ‘BA’ having
identification (ID) ‘GID BA’. The ‘GID BA’ may be allowed commands, which are accessible by the user ‘UID 1’.
[0106] In an aspect, the first user group is allowed to display the first subset of
30 commands in an event the first user group is logged in at the node in the network.
Further, the new user is allowed to update the set of commands associated with the
34

creator user group. The updated subset of commands is available to a first user group associated with the creator user group in a logged-in state. In an example, whenever user ‘UID 1’ updates the subset of commands, the updated commands may also be accessible by the user group ‘GID BA’. 5
[0107] In an exemplary aspect, the method comprises saving, at the node in the network, details related to the first user group; and updating, at the node in the network, the created groups list by appending the first user group ID associated with the first user group. In an aspect, saving the details of the first user group comprises
10 saving the first user group ID and the user group ID associated with the creator user
group. The first user group is allowed to be deleted by at least one of the associated creator user groups and a superadmin user group. For example, the processing unit [302] may save at the node(s) such as, not limited to, PCF [122], BSF [134], CHF [132] and/or NRF [120] details related to the first user group such as ‘GID BA’,
15 associated with the creator group ‘GID B’ and creator user ‘UID 1’. The processing
unit [302] may update the created group list with group ID, whenever there is a further group is added to the node in the network. Further, in an operation, the group ‘GID BA’ may be deleted by the ‘user group ‘B’ and the superadmin user group ‘SA’.
20
[0108] Thereafter, the method [400] terminates at [416].
[0109] FIG. 5 illustrates an exemplary hierarchical diagram [500] depicting an exemplary implementation of the method [400] as shown in FIG. 4. The
25 hierarchical diagram as shown in FIG. 5 displays an exemplary scenario for giving
access of functions to a user group in a network in accordance with exemplary
implementations of the present disclosure. As shown in FIG. 5, the hierarchical
diagram [500] comprises a database [502], Network Function
(PCF/BSF/CHF/NRF) [504], a command line interface for creating user groups
30 [506] and user group A [508], user group B [510], user group C [512] and user
35

group D [514]. Further, the above user groups may comprise one or more subgroups or sub user groups.
[0110] A network administrator or user associated with admin group or superadmin
5 group may create one or more user groups via the command line interface of user
group [506] for Network Function (PCF/BSF/CHF/NRF) [504]. Further, the
network administrator may provide allowed one or more subsets of commands for
use on network functions/nodes in the network. The created groups and allowed
subsets of commands associated with the created groups are stored in the database
10 [502]. The database [502] stores information of the network administrator, network
functions or network nodes, created user groups or groups and allowed set of commands to use for the network nodes/ functions in the network.
[0111] The superadmin user group is created upon booting of the network
15 functions/ nodes (e.g., PCF and CHF) and is associated with a superadmin group
ID. Consider an example, a superadmin user group ‘SA’ is created with an administrator user ‘nfadmin’. The ‘SA’ superadmin user group may be associated with a group ID ‘GID SA’.
20 [0112] The network administrator or user of the superadmin group may create via
CLI user group [506] one or more user groups such as, group A [508] having identity ‘GID A’, group B [510] having identity ‘GID B’, group C [512] having identity ‘GID C’ and group D [514] having identity ‘GID D’. From the created groups, one or more groups may be creator groups such as group ‘B’ [510], group
25 C [512] and group D [514]. The network administrator may allow one or more
subsets of commands to be associated with the created user groups. The network administrator or user of the superadmin group may have access to all commands in the network. For example, the user of the superadmin group ‘nfadmin’, may have access of all commands such as open command, execution command, create
30 command, delete command, run command, next level access command, monitoring
command, advance-tuning command, advance-tuning overload-control command,
36

advance-tuning async-threading threading-config command, rest-endpoint
interface command, debug command, testing command and converged charging
command. The user of the superadmin group or network administrator may allow
open command, execution command, create command, run command, advance-
5 tuning command, and advance-tuning overload-control command to group ‘B’
[510]. Similarly, the user of the superadmin group may allow open command,
execution command, create command, delete command, run command, next level
access command, monitoring command, advance-tuning command, advance-tuning
overload-control command, and advance-tuning async-threading threading-config
10 command to group C [512]. The network function [504] is associated with a
database [502] that may store the created groups list comprising the corresponding
user group identity, and superadmin group identity or the creator group identity.
[0113] Further in an operation, a new user may be added to the creator user group
15 by providing the user group ID associated with the creator user group. For example,
a new user with identity ‘UID new user’ may be added in the creator user group
such as group ‘B’ by providing the identity of the group ‘B’ which is ‘GID B’.
Further, before adding the new user in the group ‘B’, the identity of group B (such
as ‘GID B’) may be checked that the provided ID associated with the group B
20 (herein as a creator group) is present in the created groups list and the creator user
group is in a logged-in state in the network. After adding in the group, the new user may be provided a list of allowed commands on the CLI associated with the group ‘B’.
25 [0114] Further in an operation, the user of group ‘B’ [510] may create another
group ‘BA’ [516] and another creator group such as group ‘BB’ [518]. The user of the group ‘BB’ [518] may further create group ‘BBA’ [524] and group ‘BBB’ [526]. Similarly, user of group ‘C’ [512] may create another creator group such as group ‘CA’ [520] and user of the group ‘CA’ [520] may create another group ‘CAA’ [528]
30 and another group ‘CAB’ [530]. Similarly, user of the group ‘D’ [514] may create
another group ‘DA’ [522].
37

[0115] In an implementation, the group ‘BB’ [518] may have access of all
commands available to the creator group ‘B’ [510] or user of group ‘B’ [510] may
be provided one or more subsets of commands from the allowed commands to the
5 group ‘B’ [510]. For example, the group ‘B’ [510] may allow open command,
execution command, create command, and run command to the group ‘BB’ [518].
This list of such allowed commands may be stored in the database [502]. Further,
if the user of group ‘B’ [510] allows advance-tuning command, and advance-tuning
overload-control command to the group ‘BB’ [518], this information is updated at
10 the database [502]. The database [502] may store any modification, updates,
deletion of the one or more subsets of the commands in the list for the network function [504] in the network.
[0116] FIG. 6 illustrates a process flow diagram [600] of a method flow for
15 command execution according to an old workflow or prior workflow. As shown in
FIG. 6, the old method flow diagram [600] comprises a command line interface (CLI) [602] and network functions (BSF/PCF/CHF/NRF) [604].
[0117] A user via command line interface (CLI) [602] may access one or more
20 functions and commands at network functions (BSF/PCF/CHF/NRF) [604]. Here,
all the commands will be shown and accessible to the user as shown in block S
[616]. If the user accesses the network functions (BSF/PCF/CHF/NRF) [604]
without authentication, an authentication failed message is generated at step S
[608]. Further, an authentication request is transmitted again from the CLI [602].
25 After receiving correct username and password at the network functions
(BSF/PCF/CHF/NRF) [604] a successful message or indication may be sent at step
S [610] to the CLI [602]. After authentication the user may be allowed to fire
commands as shown in step S [616]. Further, at step S [606], when user via the CLI
[602] fires command for the network functions (BSF/PCF/CHF/NRF) [604], and if
30 the command execution is successful, an execution successful response is generated
at step S [612]. Further, if the command execution is unsuccessful/fails, an
execution failed response is generated at step S [614].
38

[0118] FIG. 7 illustrates a method flow diagram [700] of a method using the present
disclosure of user management or user group management for giving access of
functions to a user group in a network in accordance with exemplary
5 implementations of the present disclosure. As shown in FIG. 7, method flow
diagram [700] comprises a command line interface (CLI) [702], network functions (BSF/PCF/CHF/NRF) [704] and database (DB) [706].
[0119] A user via command line interface (CLI) [702] may access one or more
10 functions and commands at network functions (BSF/PCF/CHF/NRF) [704]. If the
user accesses the network functions (BSF/PCF/CHF/NRF) [704] without authentication, an authentication fail message is generated at step S [708]. Further, an authentication request is sent to the CLI [702]. After receiving correct username and password at the network functions (BSF/PCF/CHF/NRF) [704] a successful
15 message or indication may be sent at step S [710] to the CLI [702]. After successful
authentication, the user may access at step S [716] user group management commands (if allowed) which can be used along with add, remove view, modify options at the CLI [702] for the network functions (BSF/PCF/CHF/NRF) [704]. Based on the user management commands fired by the user, the network functions
20 (BSF/PCF/CHF/NRF) [704] may send the requests in all options of the user
management commands, either to fetch or to put user group data to the DB [706]. In response to this, DB [706] sends a result which decides a response of user group management commands to the network functions (BSF/PCF/CHF/NRF) [704]. If the decision is to allow the user management commands to the user, then, if the
25 command execution is successful, an execution successful response is generated at
step S [712]. Further, if the command execution is unsuccessful/fail, an execution failed response is generated at step S [714].
[0120] FIG. 8 illustrates a method flow diagram [800] of a method for giving access
30 of functions to a user group in a network in accordance with exemplary
implementations of the present disclosure. As shown in FIG. 8, method flow
39

diagram [800] comprises a command line interface (CLI) [802], network functions (BSF/PCF/CHF/NRF) [804] and database (DB) [806].
[0121] A user via command line interface (CLI) [802] may access one or more
5 functions and commands at network functions (BSF/PCF/CHF/NRF) [804]. If the
user accesses the network functions (BSF/PCF/CHF/NRF) [804] without authentication, an authentication failed message generates at step S [808]. Further, an authentication request is sent to the CLI [802]. After receiving correct username and password at the network functions (BSF/PCF/CHF/NRF) [804] a successful
10 message or indication may be sent at step S [812] to the CLI [802] and allowed
commands of logged in user may be sent in response of authentication. After authentication, the user may be shown at step S [820] only allowed command at the CLI [802] for the network functions (BSF/PCF/CHF/NRF) [804]. When the user at step S [810] fires command for the network functions (BSF/PCF/CHF/NRF) [804],
15 the network functions (BSF/PCF/CHF/NRF) [804] may fetch from the DB [806]
logged-in user group’s commands to check if the command is allowed to the user. After checking if the command is allowed or not, the DB [806] may send allowed or blocked indication to the network functions (BSF/PCF/CHF/NRF) [804] based on the successful or unsuccessful checking. Further, if the command is allowed, and
20 if the command execution is successful, an execution successful response is
generated at step S [814]. Further, if the command execution is unsuccessful/fail, an execution failed response is generated at step S [816].
[0122] The present disclosure further discloses a non-transitory computer readable
25 storage medium storing instruction for a method for giving access of functions to a
user group in a network, the instructions include executable code which, when
executed by one or more units of a system [300], causes a processing unit [302] of
the system [300] to select, by an administrator user, at a node in the network, one
or more subsets of commands. Further, the instructions include executable code
30 which, when executed causes a creator unit [304] of the system [300] to create, by
an administrator user, at the node in the network, one or more user groups, wherein
40

at least one user group from the one or more user groups is a creator user group,
and wherein each of the one or more user groups is associated with a subset of
commands from the one or more subsets of commands and wherein each of the one
or more user groups is associated with a unique user group ID. Further, the
5 instructions include executable code which, when executed causes the processing
unit [302] of the system [300] to save, at the node in the network, a created groups list comprising details of the one or more user groups. Further, the instructions include executable code which, when executed causes the creator unit [304] of the system [300] to add, by the node in the network, a new user to the creator user
10 group, wherein the addition of the new user requires providing a user group ID
associated with the creator user group. Further, the instructions include executable code which, when executed causes the processing unit [302] of the system [300] to add, by the node at the network, the new user to the creator user group, based on checking that the provided user group ID associated with the creator user group is
15 present in the created groups list and the creator user group is in a logged-in state.
Further, the instructions include executable code which, when executed causes the interface unit [306] to provide, by the node at the network, a list of allowed commands at an interface to the new user, wherein the list of allowed commands is a subset of commands associated with the creator user group.
20
[0123] The present disclosure further discloses a user equipment (UE). The UE comprising: a transmitter unit, configured to transmit a request to a system [300] for giving access of functions to a user group in a network; and a receiver unit, configured to receive from the system [300] a response to the request, wherein the
25 response comprises an indication of displaying a list of allowed commands at an
interface to a new user. The response is generated by the system [200] based on: selecting, by an administrator user via a processing unit [302], at a node in the network, one or more subsets of commands; creating, by the administrator user via a creator unit [304], at the node in the network, one or more user groups, wherein
30 at least one user group from the one or more user groups is a creator user group,
and wherein each of the one or more user groups is associated with a subset of
41

commands from the one or more subsets of commands and wherein each of the one
or more user groups is associated with a unique user group ID; saving, at the node
in the network via the processing unit [302], a created groups list comprising details
of the one or more user groups; adding, by the node in the network via the creator
5 unit [304], of the new user to the creator user group, wherein the adding of the new
user requires providing a user group ID associated with the creator user group;
adding, by the node at the network via the processing unit [302], the new user to
the creator user group, based on checking that the provided user group ID associated
with the creator user group is present in the created groups list and the creator user
10 group is in a logged-in state; and providing, by the node at the network via an
interface unit [306], a list of allowed commands at the interface to the new user, wherein the list of allowed commands is a subset of commands associated with the creator user group.
15 [0124] Furthermore, in an exemplary implementation of the present disclosure, the
following steps may be performed at one or more nodes, such as, but not limited to, Charging Function (CHF) [132], Policy Control Function (PCF) [122], Network Repository Function (NRF) [120], and Binding Support Function (BSF) [134] etc.
• Upon booting a network node or network function (NRF [120] or BSF [134]
20 or CHF [132] or PCF [122]), a superadmin group with access to all
commands may be created. This group may have only one administrator user, referred to as nfadmin (network function admin).
• The user nfadmin may create a new user group with a non-duplicate user
group ID after selecting the commands that should be allowed to the new
25 group, and the CLI will send provisioning request for these commands. This
nfadmin has access to all commands, but if a different group's user is creating a new group, the new group can only have commands that its creator group (i.e., a group to which the user who has created the new group is related) has access to.
30 • The network function (NF) may save the new user group details along with
data of creator user group Id and a created group list. This list may be
42

updated over time as more groups are made, and these two parameters will determine whether a group can take any action on other group.
• When adding a new command line interface (CLI) user, a user group ID
may also be asked, and that user group ID must be from the created groups
5 of the user group logged in at that time. If this is true, the new user may be
added.
• The new user is now able to log in using their unique username and
password. Upon successful authentication, Network Function (NF) / node
may provide a list of allowed commands in the CLI authentication success
10 response. The CLI may only display and permit the use of commands and
options that the user has access to during this session. If the user attempts to use a command or option that is not authorized, an error message indicating unauthorized access may be displayed.
• A group can only be deleted along with users in the group by its creator
15 group or by the superadmin group/nfadmin user. The same rule applies to
modifying and viewing the commands a group can use, with displaying allowed commands additionally possible for the logged-in user group itself.
• When a creator of a group other than 'superadmin', updates its commands
based on available commands to the creator, the revised set of commands
20 are accessible to the group of the currently logged-in user. Network
Functions / Nodes may now utilize this updated list to verify the capabilities of users within that group during Command Line Interface (CLI) usage.
[0125] As is evident from the above, the present disclosure provides a technically
25 advanced solution for giving access of functions to a user group in a network. The
present disclosure provides a solution for giving access of functions to specific user
groups. Implementing the features of the present invention enables one to limit
access of functionalities to operators who should be given access to specific
functionalities only, which also reduces administrative complexity. Further, the
30 present solution simplifies user experience by categorising users into groups based
on their specific needs and presenting only the relevant functionalities reducing the
43

confusion among various users/operators who may not be required to access all the commands related to a node in the communication system.
[0126] While considerable emphasis has been placed herein on the disclosed
5 implementations, it will be appreciated that many implementations can be made and
that many changes can be made to the implementations without departing from the
principles of the present disclosure. These and other changes in the implementations
of the present disclosure will be apparent to those skilled in the art, whereby it is to
be understood that the foregoing descriptive matter to be implemented is illustrative
10 and non-limiting.
44

We Claim:
1. A method for giving access of functions to a user group in a network, the
method comprising:
- selecting, by an administrator user via a processing unit [302], at a node in the network, one or more subsets of commands;
- creating, by the administrator user via a creator unit [304], at the node in the network, one or more user groups, wherein at least one user group from the one or more user groups is a creator user group, and wherein each of the one or more user groups is associated with a subset of commands from the one or more subsets of commands and wherein each of the one or more user groups is associated with a unique user group ID;
- saving, at the node in the network via the processing unit [302], a created groups list comprising details of the one or more user groups;
- adding, by the node in the network via the creator unit [304], of a new user to the creator user group, wherein the adding of the new user requires providing a user group ID associated with the creator user group;
- adding, by the node at the network via the processing unit [302], the new user to the creator user group, based on checking that the provided user group ID associated with the creator user group is present in the created groups list and the creator user group is in a logged-in state; and
- providing, by the node at the network via an interface unit [306], a list of allowed commands at an interface to the new user, wherein the list of allowed commands is a subset of commands associated with the creator user group.
2. The method as claimed in claim 1, wherein the administrator user is
associated with a superadmin user group, and the superadmin user group
has access to a universal set of commands.

3. The method as claimed in claim 2, wherein the superadmin user group is created upon booting of the node and is associated with a superadmin group ID.
4. The method as claimed in claim 2, wherein the one or more subsets of commands selected by the administrator user is identified from the universal set of commands.
5. The method as claimed in claim 3, wherein saving details of the one or more user groups in the created groups list comprises saving for each of the one or more user groups, the corresponding user group ID and the superadmin group ID.
6. The method as claimed in claim 1, wherein the interface permits the new user to use one or more commands from the subset of commands associated with the creator user group.
7. The method as claimed in claim 1, wherein the interface displays an error message, in an event the new user uses a command which is not present in the subset of commands associated with the creator user group.
8. The method as claimed in claim 1, further comprising:

- selecting, by the new user, a first subset of commands from the subset of commands associated with the creator user group;
- creating, by the new user, a first user group associated with the creator user group, wherein the first user group is associated with the first subset of commands, and wherein the first user group is associated with a first user group ID;
- saving, at the node in the network, details related to the first user group; and
- updating, at the node in the network, the created groups list by appending the first user group ID associated with the first user group.

9. The method as claimed in claim 8, wherein saving the details of the first user group comprises saving the first user group ID and the user group ID associated with the creator user group.
10. The method as claimed in claim 8, wherein the first user group is allowed to be deleted by at least one of the associated creator user groups and a superadmin user group.
11. The method as claimed in claim 8, wherein the first subset of commands associated with the first user group are allowed to be modified and viewed by at least one of the associated creator user groups and a superadmin user group.
12. The method as claimed in claim 8, wherein the first user group is allowed to display the first subset of commands in an event the first user group is logged in at the node in the network.
13. The method as claimed in claim 1, wherein the new user is allowed to update the subset of commands associated with the creator user group.
14. The method as claimed in claim 13, wherein the updated subset of commands is available to a first user group associated with the creator user group in a logged-in state.
15. A system [300] for giving access of functions to a user group in a network, the system comprising:

- a processing unit [302] configured to select, by an administrator user, at a node in the network, one or more subsets of commands;
- a creator unit [304] configured, to create, by the administrator user, at the node in the network, one or more user groups, wherein at least one user group from the one or more user groups is a creator user group, and wherein each of the one or more user groups is associated with a subset

of commands from the one or more subsets of commands and wherein each of the one or more user groups is associated with a unique user group ID,
wherein, the processing unit [302], is further configured, to save, at the node in the network, a created groups list comprising details of the one or more user groups;
wherein, the creator unit [304], is further configured, to add, by the node in the network, a new user to the creator user group, wherein the addition of the new user requires providing a user group ID associated with the creator user group;
wherein, the processing unit [302], is further configured, to add, by
the node at the network, the new user to the creator user group, based
on checking that the provided user group ID associated with the
creator user group is present in the created groups list and the creator
user group is in a logged-in state; and
- an interface unit [306], configured, to provide, by the node at the
network, a list of allowed commands at an interface to the new user,
wherein the list of allowed commands is a subset of commands
associated with the creator user group.
16. The system [300] as claimed in claim 15, wherein the administrator user is associated with a superadmin user group, and the superadmin user group has access to a universal set of commands.
17. The system [300] as claimed in claim 16, wherein the superadmin user group is created upon booting of the node and is associated with a superadmin group ID.

18. The system [300] as claimed in claim 16, wherein the one or more subsets of commands selected by the administrator user is identified from the universal set of commands.
19. The system [300] as claimed in claim 17, wherein saving details of the one or more user groups in the created groups list comprises saving for each of the one or more user groups, the corresponding user group ID and the superadmin group ID.
20. The system [300] as claimed in claim 15, wherein the interface permits the new user to use one or more commands from the subset of commands associated with the creator user group.
21. The system [300] as claimed in claim 15, wherein the interface displays an error message, in an event the new user uses a command which is not present in the subset of commands associated with the creator user group.
22. The system [300] as claimed in claim 15, wherein,

- the processing unit [302] is further configured, to select, by the new user, a first subset of commands from the subset of commands associated with the creator user group;
- the creator unit [304] is further configured, to create, by the new user, a first user group associated with the creator user group, wherein the first user group is associated with the first subset of commands, and wherein the first user group is associated with a first user group ID; and
- the processing unit [302] is further configured to: save, at the node in the network, details related to the first user group; and update, at the node in the network, the created groups list by appending the first user group ID associated with the first user group.

23. The system [300] as claimed in claim 22, wherein saving the details of the first user group comprises saving the first user group ID and the user group ID associated with the creator user group.
24. The system [300] as claimed in claim 22, wherein the first user group is allowed to be deleted by at least one of the associated creator user groups and a superadmin user group.
25. The system [300] as claimed in claim 22, wherein the first subset of commands associated with the first user group are allowed to be modified and viewed by at least one of the associated creator user groups and a superadmin user group.
26. The system [300] as claimed in claim 22, wherein the first user group is allowed to display the first subset of commands in an event the first user group is logged in at the node in the network.
27. The system [300] as claimed in claim 15, wherein the new user is allowed to update the subset of commands associated with the creator user group.
28. The system [300] as claimed in claim 27, wherein the updated subset of commands is available to a first user group associated with the creator user group in a logged-in state.
29. A user equipment (UE) comprising:

- a transmitter unit, configured to transmit a request to a system [300] for giving access of functions to a user group in a network;
- a receiver unit, configured to receive from the system [300] a response to the request, wherein the response comprises an indication of displaying a list of allowed commands at an interface to a new user, and wherein the response is generated by the system [200] based on:

• selecting, by an administrator user via a processing unit [302], at a node in the network, one or more subsets of commands;
• creating, by the administrator user via a creator unit [304], at the node in the network, one or more user groups, wherein at least one user group from the one or more user groups is a creator user group, and wherein each of the one or more user groups is associated with a subset of commands from the one or more subsets of commands and wherein each of the one or more user groups is associated with a unique user group ID;
• saving, at the node in the network via the processing unit [302], a created groups list comprising details of the one or more user groups;
• adding, by the node in the network via the creator unit [304], of the new user to the creator user group, wherein the adding of the new user requires providing a user group ID associated with the creator user group;
• adding, by the node at the network via the processing unit [302], the new user to the creator user group, based on checking that the provided user group ID associated with the creator user group is present in the created groups list and the creator user group is in a logged-in state; and
• providing, by the node at the network via an interface unit [306], a list of allowed commands at the interface to the new user, wherein the list of allowed commands is a subset of commands associated with the creator user group.