Contents
1 Description
This instruction describes how to unlock the local authorization method.
The local authorization method is used to enforce the access control of users to the Management Information Base (MIB) or to specific commands exposed over the Ericsson Command-Line Interface (ECLI).
The administrator can unlock the local authorization to enable the local authorization based on defined rules and roles when the managed element is operational or to test the proper execution of local authorization.
- Note:
- When local authorization is unlocked, authorization is performed. The change of state affects existing and new ECLI and NETCONF sessions, as well as logon access.
2 Procedure
2.1 Unlock Local Authorization Method
Prerequisites
- No documents are required.
- No tools are required.
- The following conditions must apply:
- The user has the System Security Administrator role.
- The administrative state is LOCKED.
- An ECLI session in Exec mode is in progress.
Steps
- Navigate to the LocalAuthorizationMethod managed object, for example:
>dn ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,UserManagement=1,LocalAuthorizationMethod=1
- Enter Config mode:
(LocalAuthorizationMethod=1)>configure
- Unlock the local authorization method:
(config-LocalAuthorizationMethod=1)>administrativeState=UNLOCKED
- Commit the setting:
Attention!Risk of data loss or data corruption.
The change of state affects existing and new ECLI and NETCONF sessions, possibly closes open connections and blocks logon access for users not defined in LocalAuthenticationMethod.
(config-LocalAuthorizationMethod=1)>commit
- Connect to ECLI again, if needed.
- Verify the result:
(LocalAuthorizationMethod=1)>show
The following is an example output:
LocalAuthorizationMethod=1 administrativeState=UNLOCKED [...]
- The authorization is now enforced according to the defined roles and rules.