Contents
1 Description
This instruction describes how to create a custom role.
The administrator can create custom roles when the predefined roles do not match the needs of the organization authorization policy.
2 Procedure
2.1 Create Custom Role
Prerequisites
- No documents are required.
- No tools are required.
- The following conditions must apply:
- The user has the System Security Administrator role.
- At least one CustomRule Managed Object (MO) exists.
- The new custom role name is known and matches the name used in the Lightweight Directory Access Protocol (LDAP) authentication and authorization information store.
- An Ericsson Command-Line Interface (ECLI) session in Exec mode is in progress.
- Note:
- It is not allowed to define a new CustomRole MO with an existing roleName.
Steps
- Navigate to the LocalAuthorizationMethod MO, for example:
>dn ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,UserManagement=1,LocalAuthorizationMethod=1
- Enter Config mode:
(LocalAuthorizationMethod=1)>configure
- Create a CustomRole MO, for example:
(config-LocalAuthorizationMethod=1)>CustomRole=CustomSystemOperator
- Set the role name, for example:
(config-CustomRole=CustomSystemOperator)>roleName="CustomSystemOperator"
- Associate some existing custom rules to the custom role,
for example:
(config-CustomRole=CustomSystemOperator)>rules="ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,UserManagement=1,LocalAuthorizationMethod=1,CustomRule=Custom_FaultManagement_1"
- Describe the role, for example:
(config-CustomRole=CustomSystemOperator)>userLabel="Custom System Operator Role"
- Commit the settings:
(config-CustomRole=CustomSystemOperator)>commit
- Verify the result:
(CustomRole=CustomSystemOperator)>show
The following is an example output:
CustomRole=CustomSystemOperator roleName="CustomSystemOperator" rules= "ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,⇒ UserManagement=1,LocalAuthorizationMethod=1,CustomRule=⇒ Custom_FaultManagement_1" userLabel="Custom System Operator Role" - The custom role can now be assigned to user accounts.