Contents
1 Introduction
This document describes how to unlock the local authorization method.
The local authorization method is used to enforce the access control of users to the Management Information Base (MIB) or to specific commands exposed over the Ericsson Command-Line Interface (ECLI).
The administrator can unlock the local authorization to enable the local authorization based on defined rules and roles when the managed element is operational or to test the proper execution of local authorization. When local authorization is unlocked, authorization is performed.
The change of state affects existing and new ECLI and NETCONF sessions.
1.1 Prerequisites
This section describes the prerequisites, which must be fulfilled before using the procedure.
1.1.1 Conditions
The following conditions must apply:
- The user has the System Security Administrator role.
- The administrative state is LOCKED.
- An ECLI session in Exec mode is in progress.
2 Procedure
To unlock the local authorization method:
- Navigate to the LocalAuthorizationMethod managed object, for example:
>dn ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,UserManagement=1,LocalAuthorizationMethod=1
- Enter Config mode:
(LocalAuthorizationMethod=1)>configure
- Unlock the local authorization method:
(config-LocalAuthorizationMethod=1)>administrativeState=UNLOCKED
- Commit the setting:
(config-LocalAuthorizationMethod=1)>commit
- Verify the result:
(LocalAuthorizationMethod=1)>show
The following is an example output:
LocalAuthorizationMethod=1 administrativeState=UNLOCKED [...]
- The authorization is now enforced according to the defined roles and rules.