Change Custom Role

1 Description

This instruction describes how to change a custom role.

The administrator can change custom roles when the earlier defined custom roles need to be modified because of changes in the organization authorization policy.

2 Procedure

2.1 Change Custom Role

Prerequisites

The instruction references the following document:
- Delete Custom Rule
No tools are required.
The following conditions must apply:
- The user has the System Security Administrator role.
- A CustomRole Managed Object (MO) exists.
- The Distinguished Names (DNs) to add to or delete from a CustomRule MO are known.
- The custom rules to add, change, or delete are known and reflect the wanted authorization policy change.
- An Ericsson Command-Line Interface (ECLI) session in Exec mode is in progress.

Steps

Navigate to the CustomRole MO, for example:
>dn ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,UserManagement=1,LocalAuthorizationMethod=1,CustomRole=CustomSystemOperator

View the current settings:

(CustomRole=CustomSystemOperator)>show -v

The following is an example output:

CustomRole=CustomSystemOperator
   roleName="CustomSystemOperator"
   rules=
      "ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,⇒
UserManagement=1,LocalAuthorizationMethod=1,CustomRule=⇒
Custom_FaultManagement_1"
   userLabel="Custom System Operator Role"

Enter Config mode:
(CustomRole=CustomSystemOperator)>configure
Add, change, or delete the DNs for rules in the CustomRule MO, for example:
(config-CustomRole=CustomSystemOperator)>rules="ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,UserManagement=1,LocalAuthorizationMethod=1,CustomRule=Custom_PerformanceManagement_1"

In this example, one rule is added.
Commit the setting:
(config-CustomRole=CustomSystemOperator)>commit

Verify the result:

(CustomRole=CustomSystemOperator)>show -v

The following is an example output:

CustomRole=CustomSystemOperator
   roleName="CustomSystemOperator"
   rules=
      "ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,⇒
UserManagement=1,LocalAuthorizationMethod=1,CustomRule=⇒
Custom_FaultManagement_1"
      "ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,⇒
UserManagement=1,LocalAuthorizationMethod=1,CustomRule=⇒
Custom_PerformanceManagement_1"
   userLabel="Custom System Operator Role"

The authorization policy of those users that possess the changed role is updated.

If the DN to a CustomRule MO was deleted and this MO is not referenced by any other CustomRole MO, then the CustomRule MO can be deleted, refer to Delete Custom Rule.