Contents
1 Description
This instruction describes how to create a custom rule.
The administrator can create custom rules when the predefined rules do not match the needs of the organization authorization policy.
2 Procedure
2.1 Create Custom Rule
Prerequisites
- The instruction references the following documents:
- No tools are required.
- The following conditions must apply:
- The user has the System Security Administrator role.
- The model elements and permission types targeted by the custom rule are known and reflect the wanted authorization policy.
- The new custom rule name is known.
- An Ericsson Command-Line Interface (ECLI) session in Exec mode is in progress.
Steps
- Navigate to the LocalAuthorizationMethod Managed Object (MO), for example:
>dn ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,UserManagement=1,LocalAuthorizationMethod=1
- Enter Config mode:
(LocalAuthorizationMethod=1)>configure
- Create a CustomRule MO, for example:
(config-LocalAuthorizationMethod=1)>CustomRule=Custom_FaultManagement_1
- Set the model elements for which the permission is applicable,
for example:
(config-CustomRule=Custom_FaultManagement_1)>ruleData="ManagedElement,SystemFunctions,Fm,*"
- Set the permissions that the rule provides on a target
specified by attribute ruleData, for example:
(config-CustomRule=Custom_FaultManagement_1)>permission=R
In this example, the custom rule gives read-only permission to class Fm, its attributes, and child MOs.
- Describe the policy for the rule, for example:
(config-CustomRule=Custom_FaultManagement_1)>userLabel="R Rule for FM and Child MOs"
- Commit the settings:
(config-CustomRule=Custom_FaultManagement_1)>commit
- Verify the result:
(CustomRule=Custom_FaultManagement_1)>show
The following is an example output:
CustomRule=Custom_FaultManagement_1 permission=R ruleData="ManagedElement,SystemFunctions,Fm,*" userLabel="R Rule for FM and Child MOs"
- The custom rule can now be assigned to custom roles, refer to Create Custom Role or Change Custom Role.