Contents

1   Description

This instruction describes how to change a custom role.

The administrator can change custom roles when the earlier defined custom roles need to be modified because of changes in the organization authorization policy.

2   Procedure

2.1   Change Custom Role

Prerequisites

• The instruction references the following document:
  • Delete Custom Rule
• No tools are required.
• The following conditions must apply:
  • The user has the System Security Administrator role.
  • A CustomRole Managed Object (MO) exists.
  • The Distinguished Names (DNs) to add to or delete from a CustomRule MO are known.
  • The custom rules to add, change, or delete are known and reflect the wanted authorization policy change.
  • An Ericsson Command-Line Interface (ECLI) session in Exec mode is in progress.

Steps

1. Navigate to the CustomRole MO, for example:

   >dn ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,UserManagement=1,LocalAuthorizationMethod=1,CustomRole=CustomSystemOperator

2. View the current settings:

   (CustomRole=CustomSystemOperator)>show -v

   The following is an example output:

   CustomRole=CustomSystemOperator roleName="CustomSystemOperator" rules= "ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,⇒ UserManagement=1,LocalAuthorizationMethod=1,CustomRule=⇒ Custom_FaultManagement_1" userLabel="Custom System Operator Role"

3. Enter Config mode:

   (CustomRole=CustomSystemOperator)>configure

4. Add, change, or delete the DNs for rules in the CustomRule MO, for example:

   (config-CustomRole=CustomSystemOperator)>rules="ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,UserManagement=1,LocalAuthorizationMethod=1,CustomRule=Custom_PerformanceManagement_1"

   In this example, one rule is added.

5. Commit the setting:

   (config-CustomRole=CustomSystemOperator)>commit

6. Verify the result:

   (CustomRole=CustomSystemOperator)>show -v

   The following is an example output:

   CustomRole=CustomSystemOperator roleName="CustomSystemOperator" rules= "ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,⇒ UserManagement=1,LocalAuthorizationMethod=1,CustomRule=⇒ Custom_FaultManagement_1" "ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,⇒ UserManagement=1,LocalAuthorizationMethod=1,CustomRule=⇒ Custom_PerformanceManagement_1" userLabel="Custom System Operator Role"

The authorization policy of those users that possess the changed role is updated.

If the DN to a CustomRule MO was deleted and this MO is not referenced by any other CustomRole MO, then the CustomRule MO can be deleted, refer to Delete Custom Rule.