Local Authentication - CLI

In this section:

Group

Use this command to create or delete a user group.

You cannot delete a default user group.

Command Syntax

% set oam localAuth group <group name>
% show oam localAuth group

Command Parameter

Parameter	Length/Range	Description
`group`	1-23 characters	`<group name>` – The name of the user group. The characters #%^&(){}<>,/\;`[]=!$"*?\|~ and SPACE are not allowed.

Configuring Multiple CALEA Users in a User Group

Modified: for 12.1.2

The SBC is enhanced to support multiple CALEA users to align with RAMP. This allows "calea" users from different countries to push their targets to the respective X1 interfaces.

Start

Create the primary calea user "calea" as admin user.
Example
```
set oam localAuth user calea group Calea
```
Login as the 'calea' user and create the secondary calea users ("calea1," "calea2," etc.). All secondary users will belong to the same group "Calea."
Example
```
set oam localAuth user calea1 group Calea
set oam localAuth user calea2 group Calea
commit
```

Note

Refer to Multi-Country LI for VoLTE IMS for additional details.

Rule-List

Command Syntax

% set oam localAuth rule-list <rule list name>
	cmdrule <string: min 1 character>
		access-operations <(string) | create | delete | exec | read | update>
		action <deny | permit>
		command <string>
		comment <string>
		context <string>
	group <group name>
	rule <string: min 1 character>
		access-operations <(string) | create | delete | exec | read | update>
		action <deny | permit>
		comment <string>
		context <string>
		module-name <string>
		path <string>
		rpc-name <string>

Command Parameters

Parameter	Description
`rule-list`	`<rule list name>` – The unique rule-list name.
`cmdrule`	`<command rule>` – The name of the actionable, space-separated command rule. `access-operations <(string) \| create \| delete \| exec \| read \| update>` – The access operation to associate with this command rule. `action` – Choose to deny or permit the specified command. `deny` `permit` `command <string>` – The name of the actionable command. `comment <string>` – Textual description of this command rule. `context <string>` – Use * to match all possible values, or specify the agent that is requesting access, for example, netconf for NETCONF, cli for CLI and webui for Web UI.
`group`	`<group name>` – The name of the user group to associate with this rule-list. If not selected, this parameter defaults to the group that corresponds to the current level of access of this current session.
`rule`	`<Rule name>` – Rules are processed in a user-defined order until a match is found. A rule matches if 'module-name,' 'rule-type,' and 'access-operations' match the request. If a rule matches, the 'action' leaf determines if access is granted or not. `access-operations <(string) \| create \| delete \| exec \| read \| update>` – `action <deny \| permit>` – The access control action to associate with the rule. If a rule matches a particular request, use this flag to determine whether to permit or deny the request. `comment <string>` – Textual description of the rule-list rule. `context <string>` – Use * to match all possible values, or specify the agent that is requesting access, for example, netconf for NETCONF, cli for CLI and webui for Web UI. `module-name <string>` – Name of the module associated with this rule. `path <string>` `rpc-name <string>`

User

Command Syntax

% set oam localAuth user <user name>
	accountAgingState <disabled  |  enabled>
	accountRemovalState <disabled  |  enabled>
	group <Administrator | Calea | FieldService | Guest | Operator | SecurityAuditor>
	interactiveAccess  <disabled  |  enabled>
	m2mAccess <disabled  |  enabled>
	passwordAgingState <disabled  |  enabled>
	passwordLoginSupport <disabled  |  enabled>

% show oam localAuth
	displaylevel
	group
	rule-list
	user

% delete oam localAuth user <user name>

Command Parameters

Info

Refer to Account Management - CLI for system-level configuration of OS account aging, account aging, account removal, brute-force attack, maximum number of sessions, password aging, and session idle timeout.

Parameter	Description
`user`	The name of the group user.
`accountAgingState`	The account aging state for a particular user. `disabled` `enabled` (default) Note: The `accountAgingState` can only be set to `disabled` if the `accountRemovalState` has already been set to disabled in a previous configuration commit. It is not possible to set them both to disabled in a single commit statement.
`accountRemovalState`	Use this flag to enable/disable the account removal feature for this user. `disabled` `enabled` (default)
`group`	Use this control to specify user authentication group type: `Administrator` `Calea` `FieldService` `Guest` `Operator` `SecurityAuditor` Note: For guidance with adding users to the SBC, refer to Managing SBC Core Users and Accounts.
`interactiveAccess`	When enabled, this flag allows the specified user access to interactive interfaces such as CLI and EMA. `disabled` `enabled` (default)
`m2mAccess`	Enable this flag to allow the specified user machine-to-machine access to RESTCONF API. For RESTCONF API details, refer to RESTCONF API Reference Guide. `disabled` (Default for all users except Administrator and Calea groups) `enabled` (Default for Administrator and Calea group users)
`passwordAgingState`	The password aging state for the specified user. `disabled` `enabled` (default)
`passwordLoginSupport`	Enable flag to allow specified user to login using password. `disabled` `enabled` (default)
`displaylevel`	To display different levels of output information in show commands.

Command Example

The following example shows current authorizations for configured users.

> show status oam localAuth user
userStatus admin {
    currentStatus Enabled;
    userId        3000;

Space shortcuts

Page tree

Group

Command Syntax

Command Parameter

Configuring Multiple CALEA Users in a User Group

Rule-List

Command Syntax

Command Parameters

User

Command Syntax

Command Parameters

Command Example