1 Introduction
This document describes how to change the Target-Based Access Control (TBAC). TBAC is a selective authentication method that determines if a user is allowed to access a specific Managed Element (ME) based on the target type value.
A target type value may already have been set at initial configuration. The Security Administrator needs to change the target type value when the existing settings no longer match the needs of the operator organization, for example, in the following situations:
- The ME needs to become part of a different geographical domain.
- The ME needs to become part of a different functional domain.
- The ME needs to become part of a different skills domain.
1.1 Prerequisites
This section describes the prerequisites, which must be fulfilled before using the procedure.
1.1.1 Conditions
The following conditions must apply:
- The user has the System Security Administrator role.
- The user profiles are updated with tagged restrictions.
- The new target type value is known.
- An Ericsson Command-Line Interface (ECLI) session in Exec mode is in progress.
- Profile filter is set to ERICSSON_FILTER.
2 Procedure
To change the TBAC:
- Navigate to the UserManagement managed object, for example:
>dn ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,UserManagement=1
- Enter Config mode:
(UserManagement=1)>configure
- Set the target type, for example:
(config-UserManagement=1)>targetType="ims.kista.se"
The value is used when a role defined in the Lightweight Directory Access Protocol (LDAP) database is prefixed with the target type. Role definitions where the target type prefix does not match are skipped.
- Commit the setting:
(config-UserManagement=1)>commit
- Verify the result:
(UserManagement=1)>show
The following is an example output:
UserManagement=1
targetType="ims.kista.se"
userLabel="Selective authentication for Kista site"
userManagementId=1
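The prefix filtering described in the "Set the target type" step can be checked against an export of LDAP role values before the commit, to see which users would lose all roles on this ME. The following Python example is added here and is not part of the product documentation; the `<targetType>:<role>` layout, the treatment of untagged roles, the function names, and all sample users, roles and the `ims.lund.se` value are assumptions constructed for illustration.

```python
# Added illustration. The "<targetType>:<role>" layout and the handling of
# untagged roles are assumptions, not taken from the product documentation.
SEP = ":"  # assumed separator between the target type prefix and the role name


def effective_roles(role_values, target_type, keep_untagged=True):
    """Return the role names that survive target type filtering on one ME."""
    kept = []
    for value in role_values:
        prefix, sep, role = value.partition(SEP)
        if not sep:
            # No prefix at all: assumed here to apply to every target.
            if keep_untagged:
                kept.append(value)
        elif prefix == target_type and role:
            kept.append(role)
        # Any other prefix does not match, so the role definition is skipped.
    return kept


def impact_of_change(directory, old_target, new_target):
    """Map each affected user to (roles_before, roles_after)."""
    changed = {}
    for user, values in directory.items():
        before = effective_roles(values, old_target)
        after = effective_roles(values, new_target)
        if before != after:
            changed[user] = (before, after)
    return changed


def locked_out(directory, old_target, new_target):
    """Users who hold roles today but would hold none after the change."""
    impact = impact_of_change(directory, old_target, new_target)
    return sorted(u for u, (before, after) in impact.items() if before and not after)


# Constructed sample export: user -> role values stored in LDAP.
SAMPLE = {
    "alice": ["ims.kista.se:SystemSecurityAdministrator",
              "ims.lund.se:SystemAdministrator"],
    "bob": ["ims.lund.se:SystemAdministrator"],
    "carol": ["SystemReadOnly"],
    "dave": ["ims.kista.se:SystemAdministrator"],
}

if __name__ == "__main__":
    print(locked_out(SAMPLE, "ims.lund.se", "ims.kista.se"))
```

Any user reported by `locked_out` needs a role tagged with the new target type in LDAP before the commit step is run.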