Contents
1 Introduction
This document describes how to create a custom role.
The administrator can create custom roles when the predefined roles do not match the needs of the organization authorization policy.
1.1 Prerequisites
This section describes the prerequisites, which must be fulfilled before using the procedure.
1.1.1 Conditions
The following conditions must apply:
- The user has the System Security Administrator role.
- At least one CustomRule Managed Object (MO) exists.
- The new custom role name is known and matches the name used in the Lightweight Directory Access Protocol (LDAP) authentication and authorization information store.
- An Ericsson Command-Line Interface (ECLI) session in Exec mode is in progress.
- Note:
- It is not allowed to define a new CustomRole MO with an existing roleName.
2 Procedure
To create a custom role:
- Navigate to the LocalAuthorizationMethod MO, for example:
>dn ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,UserManagement=1,LocalAuthorizationMethod=1
- Enter Config mode:
(LocalAuthorizationMethod=1)>configure
- Create a CustomRole MO, for example:
(config-LocalAuthorizationMethod=1)>CustomRole=CustomSystemOperator
- Set the role name, for example:
(config-CustomRole=CustomSystemOperator)>roleName="CustomSystemOperator"
- Associate some existing custom rules to the custom role,
for example:
(config-CustomRole=CustomSystemOperator)>rules="ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,UserManagement=1,LocalAuthorizationMethod=1,CustomRule=Custom_FaultManagement_1"
- Describe the role, for example:
(config-CustomRole=CustomSystemOperator)>userLabel="Custom System Operator Role"
- Commit the settings:
(config-CustomRole=CustomSystemOperator)>commit
- Verify the result:
(CustomRole=CustomSystemOperator)>show
The following is an example output:
CustomRole=CustomSystemOperator roleName="CustomSystemOperator" rules= "ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,⇒ UserManagement=1,LocalAuthorizationMethod=1,CustomRule=⇒ Custom_FaultManagement_1" userLabel="Custom System Operator Role" - The custom role can now be assigned to user accounts.