Contents
1 Introduction
This document describes how to create a custom rule.
The administrator can create custom rules when the predefined rules do not match the needs of the organization authorization policy.
1.1 Prerequisites
This section describes the prerequisites, which must be fulfilled before using the procedure.
1.1.1 Conditions
The following conditions must apply:
- The user has the System Security Administrator role.
- The model elements and permission types targeted by the custom rule are known and reflect the wanted authorization policy.
- The new custom rule name is known.
- An Ericsson Command-Line Interface (ECLI) session in Exec mode is in progress.
2 Procedure
To create a custom rule:
- Navigate to the LocalAuthorizationMethod Managed Object (MO), for example:
>dn ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,UserManagement=1,LocalAuthorizationMethod=1
- Enter Config mode:
(LocalAuthorizationMethod=1)>configure
- Create a CustomRule MO, for example:
(config-LocalAuthorizationMethod=1)>CustomRule=Custom_FaultManagement_1
- Set the model elements for which the permission is applicable,
for example:
(config-CustomRule=Custom_FaultManagement_1)>ruleData="ManagedElement,SystemFunctions,Fm,*"
- Set the permissions the rule provides on a target specified
by attribute ruleData, for example:
(config-CustomRule=Custom_FaultManagement_1)>permission=R
In this example, the custom rule gives read-only permission to class Fm, its attributes and child MOs.
- Describe the policy for the rule, for example:
(config-CustomRule=Custom_FaultManagement_1)>userLabel="R Rule for FM and Child MOs"
- Commit the settings:
(config-CustomRule=Custom_FaultManagement_1)>commit
- Verify the result:
(CustomRule=Custom_FaultManagement_1)>show
The following is an example output:
CustomRule=Custom_FaultManagement_1 permission=R ruleData="ManagedElement,SystemFunctions,Fm,*" userLabel="R Rule for FM and Child MOs"
- The custom rule can now be assigned to custom roles, refer to Create Custom Role or Change Custom Role.