In the EMA, navigate to All > OAM > Local Auth > Rule-list > Rule.
The window Rule appears, with the table Rule List.
Figure 1: Rule window
Select a Rule-list from the drop-down menu Rule-list.
The selected Rule-list appears in the table Rule List.
The parameters (presented as columns) in the table Rule List are:
Table 1: Rule List Parameters
Column | Description |
---|---|
Name | Arbitrary name assigned to the rule. |
Module-name | Name of the module associated with this rule. This leaf matches if it has the value * or if the object being accessed is defined in the module with the specified module name. |
Access-operations | Access operations associated with this rule. This leaf matches if it has the value * or if the bit corresponding to the required operation is set. |
Action | The access control action associated with the rule. If a rule is determined to match a particular request, then this object is said to determine whether to permit or deny the request. |
Comment | Text description of the access rule. |
Context | This leaf matches if it has the value * or if its value identifies the agent that is requesting access, e.g., netconf for NETCONF, cli for CLI and webui for Web UI. |
The string * indicates that all possible values of the corresponding parameter is valid for the chosen rule.
Edit Rule
To edit a Rule, select it in the table Rule List.
The frame Edit Selected Rule appears below the table Rule List.
The fields in this frame are same as that of the table Rule List. For brief descriptions of the fields, see the table in the previous section.
Make necessary changes and click Save, to save all the changes made. Click Undo Edits to cancel all modifications made since the last saved configuration.
On saving the changes successfully, the Success message appears.
Create Rule
To create new Rule, select a Rule-list from the drop-down menu Rule-List, that does not belongs to any one of the following Groups:
- Administrator
- Operator
- FieldService
- Guest
- Calea
- SecurityAuditor
For details on Cmdrule, refer to Rule-list Cmdrule. For details on Rule-list and Group, refer to Local Auth - Rule-list and Local Auth - Group respectively.
Choosing the option All Rule-lists
from the drop-down menu Rule-list does not allow access to the button New Rule.
Click the button New Rule.
The frame Create New Rule appears.
The fields in this frame are same as that of the table Rule List. For brief descriptions of the fields, see the table in the previous section.
Make necessary changes and click Save, to save all the changes made. Click Undo Edits to cancel all modifications made since the last saved configuration.
On saving the changes successfully, the Success message appears.
Users are not allowed to create a New Rule if the Rule corresponds to a Rule-list that belongs to any one of the following groups:
- Administrator
- Operator
- FieldService
- Guest
- Calea
- SecurityAuditor
For example, 888
is a Rule, for which the corresponding Rule-list is DATA-157
. It belongs to the Group Administrator
. An attempt to create the Rule 888
results in the following Error message:
Copy Rule
To copy a Rule, from the drop-down menu Rule-list, select a Rule-list that does not belongs to any one of the following Groups:
- Administrator
- Operator
- FieldService
- Guest
- Calea
- SecurityAuditor
For details on Cmdrule, refer to Rule-list Cmdrule. For details on Rule-list and Group, refer to Local Auth - Rule-list and Local Auth - Group respectively.
Select the appropriate Rule from the table Rule List. Click the button Copy Rule.
The frame Copy Selected Rule appears below the table Rule List.
The fields in this frame are same as that of the columns in the table Rule List. For brief description of the fields, refer to the table in the first section.
Make the necessary changes and click Save, to save the changes made. Click the button Undo Edits to cancel all changes made since the last saved configuration.
On saving the changes successfully, the Success message appears.
Users are not allowed to copy a Rule and create a new Rule with some or all configurations different, if the Rule corresponds to a Rule-list that belongs to any one of the following groups:
- Administrator
- Operator
- FieldService
- Guest
- Calea
- SecurityAuditor
For example, 666
is one such Rule that it is a copy of the Rule 157
. for which the corresponding Rule-list is DATA-157
. It belongs to the Group Administrator
. An attempt to copy the Rule 157
results in the following Error message:
Reorder Rule
To reorder a Rule, from the drop-down menu Rule-list.
Select the appropriate Rule from the table Rule List. Click the button Reorder Rule.
The frame Reorder Rule appears below the table Rule List.
This frame contains a drop-down menu, which presents the possible destinations of the Rule selected for reordering. The possible destinations are:
- after
- before
- to the first place
- to the last place
If the chosen destination is after or before, the SBC asks the user to provide the Rule, after/before which the selected Rule is to be placed. In this case, the appearance of the frame Reorder Rule changes slightly.
If the chosen destination is to the first place or to the last place, the appearance of the frame remains the same.
Make the necessary changes and click Save, to save the changes made. Click the button Undo Edits to cancel all changes made since the last saved configuration.
On saving the changes successfully, the Success message appears.