Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Automatic update to correct links
Panel

In this section:

Table of Contents
maxLevel4

Add_workflow_for_techpubsAUTH1JIRAIDAUTHSBX-52070REV5REV6REV3REV1

 

Panel

In this section:

Table of Contents
maxLevel4

 

The local authentication object allows an administrator to manage 

Spacevars
0series4
user authorizations by assigning a user to one of the predefined groups.

For user authentication and group details, refer to Managing Default Groups and PasswordsSBC Core Users and Accounts.

Note
When a new user is created, the system generates a password for that account. The new user should change the default password after initial login.
Note

Creating a user ID named "sonusadmin" via CLI is not allowed. If "sonusadmin" exists when upgrading to this release, it will automatically be removed.

For CLI details regarding changing passwords, refer to change-password page.

Group

Use this command to create or delete a user group.

Note

You cannot delete a default user group.

 

Command Syntax

Code Block
languagenone
% set oam localAuth group <group name>

% show oam localAuth group

% delete oam localAuth group <group name>

Command Parameter

ParameterLength/RangeDescription
group1-23 characters<group name> – The name of the user group. The characters #%^&(){}<>,/\;`[]=!$"*?|~ and SPACE are not allowed.

 

Rule-List

Command Syntax

Code Block
% set oam localAuth rule-list <rule list name>
	cmdrule <string: min 1 character>
		access-operations <(string) | create | delete | exec | read | update>
		action <deny | permit>
		command <string>
		comment <string>
		context <string>
	group <group name>
	rule <string: min 1 character>
		access-operations <(string) | create | delete | exec | read | update>
		action <deny | permit>
		comment <string>
		context <string>
		module-name <string>
		path <string>
		rpc-name <string>

 

Command Parameters

ParameterDescription
rule-list<rule list name> – The unique rule-list name.
cmdrule

<command rule> – The space-separated command rule to take action against.

  • access-operations <(string) | create | delete | exec | read | update>The access operation to associate with this command rule.
  • action – Choose to deny or permit the specified command.
    • deny
    • permit
  • command <string> – The command to take action against.
  • comment <string> – Textual description of this command rule.
  • context <string>Use * to match all possible values, or specify the agent that is requesting access, for example, netconf for NETCONF, cli for CLI and webui for Web UI.
group<group name> – The name of the user group to associate with this rule-list. If not selected, this parameter defaults to the group that corresponds to the current level of access of this current session.
rule
 The rule object.
  • access-operations <(string) | create | delete | exec | read | update>
  • action <deny | permit>The access control action to associate with the rule. If a rule matches a particular request, use this flag to determine whether to permit or deny the request.
  • comment <string>Textual description of the rule-list rule.
  • context <string>Use * to match all possible values, or specify the agent that is requesting access, for example, netconf for NETCONF, cli for CLI and webui for Web UI.
  • module-name <string>Name of the module associated with this rule.
  • path <string>
  • rpc-name <string>

User

Multiexcerpt include
MultiExcerptNameUniqueHomeDirectory_6.0
PageWithExcerptALLDOC:SBC Core Groups and Passwords

Command Syntax

Code Block
languagenone
% set oam localAuth user <user name>
	accountAgingState <disabled  |  enabled>
	accountRemovalState <disabled  |  enabled>
	group <Administrator | Calea | FieldService | Guest | Operator | SecurityAuditor>
	interactiveAccess  <disabled  |  enabled>
	m2mAccess <disabled  |  enabled>
	passwordAgingState <disabled  |  enabled>
	passwordLoginSupport <disabled  |  enabled>

% show oam localAuth
   user <user name>
   group <group name>
   displaylevel <displaylevel>	displaylevel
	group
	rule-list
	user

% delete oam localAuth user <user name>

Command Parameters

Info
titleInfo
Refer to Account Management - CLI for system-level configuration of OS account aging, account aging, account removal, brute-force attack, maximum number of sessions, password aging and session idle timeout.
Caption
0Table
1 Local Authentication Parameters
 

Parameter

Description

user

Specifies the name of the group user.

accountAgingState

The account aging state for a particular user.

  • disabled
  • enabled (default)

Note: The accountAgingState can only be set to disabled if the accountRemovalState has already been set to disabled in a previous configuration commit. It is not possible to set them both to disabled in a single commit statement.

accountRemovalState

Use this flag to enable/disable the account removal feature for this user.

  • disabled
  • enabled (default)
Refer to Account Management - CLI for system level account management.

 

group

Use this control to specify user authentication group type:

  • Administrator  
  • Calea
  • FieldService  
  • Guest
  • Operator
  • SecurityAuditor

NOTE: For guidance with adding users to the SBC, refer to Managing

Default Groups and Passwords

SBC Core Users and Accounts.

interactiveAccess

When enabled, this flag allows the specified user access to interactive interfaces such as CLI and EMA.

  • disabled  
  • enabled (default)
m2mAccess

 Enable this flag to allow the specified user machine-to-machine access to REST API. For REST API details, refer to REST API User's Guide.

  • disabled (Default for all users except Administrator and Calea groups)
  • enabled (Default for Administrator and Calea group users)
passwordAgingState

The password aging state for the specified user.

  • disabled
  • enabled (default)
passwordLoginSupport

Enable flag to allow specified user to login using password.

  • disabled
  • enabled (default)

displaylevel

To display different levels of output information in show commands.

 

Command Example

The following example shows current authorizations for configured users.

Code Block
languagenone
%> show status oam localAuth user
useruserStatus admin {
    group                AdministratorcurrentStatus Enabled;
    passwordAgingStateuserId   enabled;
    accountAgingState    disabled;
    passwordLoginSupport enabled;
    interactiveAccess    enabled;
    m2mAccess            enabled;
    accountRemovalState  disabled;
}3000;

Pagebreak