In this section:
The local authentication object allows an administrator to manage SBC Core user authorizations by assigning a user to one of the predefined groups.
For user authentication and group details, refer to Managing SBC Core Users and Accounts.
Creating a user ID named "sonusadmin" via CLI is not allowed. If "sonusadmin" exists when upgrading to this release, it will automatically be removed.
For CLI details regarding changing passwords, refer to change-password page.
Use this command to create or delete a user group.
You cannot delete a default user group.
% set oam localAuth group <group name> % show oam localAuth group
Parameter | Length/Range | Description |
---|---|---|
group | 1-23 characters | <group name> – The name of the user group. The characters #%^&(){}<>,/\;`[]=!$"*?|~ and SPACE are not allowed. |
Modified: for 12.1.2
The SBC is enhanced to support multiple CALEA users to align with RAMP. This allows "calea" users from different countries to push their targets to the respective X1 interfaces. Startset oam localAuth user calea group Calea
set oam localAuth user calea1 group Calea
set oam localAuth user calea2 group Calea
commit
Refer to Multi-Country LI for VoLTE IMS for additional details.
% set oam localAuth rule-list <rule list name> cmdrule <string: min 1 character> access-operations <(string) | create | delete | exec | read | update> action <deny | permit> command <string> comment <string> context <string> group <group name> rule <string: min 1 character> access-operations <(string) | create | delete | exec | read | update> action <deny | permit> comment <string> context <string> module-name <string> path <string> rpc-name <string>
Parameter | Description |
---|---|
rule-list | <rule list name> – The unique rule-list name. |
cmdrule |
|
group | <group name> – The name of the user group to associate with this rule-list. If not selected, this parameter defaults to the group that corresponds to the current level of access of this current session. |
rule |
|
% set oam localAuth user <user name> accountAgingState <disabled | enabled> accountRemovalState <disabled | enabled> group <Administrator | Calea | FieldService | Guest | Operator | SecurityAuditor> interactiveAccess <disabled | enabled> m2mAccess <disabled | enabled> passwordAgingState <disabled | enabled> passwordLoginSupport <disabled | enabled> % show oam localAuth displaylevel group rule-list user % delete oam localAuth user <user name>
Parameter | Description |
---|---|
| The name of the group user. |
accountAgingState | The account aging state for a particular user.
Note: The |
accountRemovalState | Use this flag to enable/disable the account removal feature for this user.
|
| Use this control to specify user authentication group type:
Note: For guidance with adding users to the SBC, refer to Managing SBC Core Users and Accounts. |
interactiveAccess | When enabled, this flag allows the specified user access to interactive interfaces such as CLI and EMA.
|
m2mAccess | Enable this flag to allow the specified user machine-to-machine access to RESTCONF API. For RESTCONF API details, refer to RESTCONF API Reference Guide.
|
passwordAgingState | The password aging state for the specified user.
|
passwordLoginSupport | Enable flag to allow specified user to login using password.
|
| To display different levels of output information in show commands. |
The following example shows current authorizations for configured users.
> show status oam localAuth user userStatus admin { currentStatus Enabled; userId 3000;