You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

In this section:

 

The local authentication object allows an administrator to manage 

Unable to show "metadata-from": No such page "_space_variables"
user authorizations by assigning a user to one of the predefined groups.

For user authentication and group details, refer to Default Accounts and Passwords.

When a new user is created, the system generates a password for that account. The new user should change the default password after initial login.

Creating a user ID named "sonusadmin" via CLI is not allowed. If "sonusadmin" exists when upgrading to this release, it will automatically be removed.

For CLI details regarding changing passwords, see change-password page.

Group

Use this command to create or delete a user group.

You cannot delete a default user group.

 

Command Syntax

% set oam localAuth group <group name>

% show oam localAuth group

% delete oam localAuth group <group name>

Command Parameter

ParameterLength/RangeDescription
group1-23 characters<group name> – The name of the user group. The characters #%^&(){}<>,/\;`[]=!$"*?|~ and SPACE are not allowed.

 

Rule-List

Command Syntax

% set oam localAuth rule-list <rule list name>
	cmdrule <string: min 1 character>
		access-operations <(string) | create | delete | exec | read | update>
		action <deny | permit>
		command <string>
		comment <string>
		context <string>
	group <group name>
	rule <string: min 1 character>
		access-operations <(string) | create | delete | exec | read | update>
		action <deny | permit>
		comment <string>
		context <string>
		module-name <string>
		path <string>
		rpc-name <string>

 

Command Parameters

ParameterLength/RangeDescription
rule-list <rule list name> – The unique rule-list name
cmdrulestring: 1 character min.

 

  • access-operations <(string) | create | delete | exec | read | update> – The
  • action – Choose to deny or permit the specified command.
    • deny
    • permit
  • command <string>
  • comment <string>
  • context <string>
group <group name> – The name of the user group to associate with this rule-list. If not selected, the
rule 
 
  • access-operations <(string) | create | delete | exec | read | update>
  • action <deny | permit>
  • comment <string>
  • context <string>
  • module-name <string>
  • path <string>
  • rpc-name <string>

User

Command Syntax

% set oam localAuth user <user name>
	accountAgingState <disabled  |  enabled>
	group <Administrator | Calea | FieldService | Guest | Operator | SecurityAuditor>
	interactiveAccess  <disabled  |  enabled>
	m2mAccess <disabled  |  enabled>
	passwordAgingState <disabled  |  enabled>
	passwordLoginSupport <disabled  |  enabled>

% show oam localAuth
   user <user name>
   group <group name>
   displaylevel <displaylevel>

% delete oam localAuth user <user name>

Command Parameters

Local Authentication Parameters

 

Parameter

Length/Range

Description

user

N/A

Specifies the name of the group user.

accountAgingStateN/A

The account aging state for a particular user.

  • disabled
  • enabled (default)

group

N/A

Use this control to specify user authentication group type:

  • Administrator  
  • Calea
  • FieldService  
  • Guest
  • Operator
  • SecurityAuditor

For guidance with adding users to the SBC, see Default Accounts and Passwords


interactiveAccess 

When enabled, this flag allows the specified user access to interactive interfaces such as CLI and EMA.

  • disabled  
  • enabled (default)
m2mAccess 

 Enable this flag to allow the specified user machine-to-machine access to REST API. For REST API details, see REST API User's Guide.

  • disabled (Default for all users except Administrator and Calea groups)
  • enabled (Default for Administrator and Calea group users)
passwordAgingStateN/A

The password aging state for the specified user.

  • disabled
  • enabled (default)
passwordLoginSupportN/A

Enable flag to allow specified user to login using password.

  • disabled
  • enabled (default)

displaylevel

1-64

To display different levels of output information in show commands.

User Data

Command Syntax

 

Command Parameters

Command Examples

The following example shows current authorizations for configured users.

% show oam localAuth
user admin {
    group                Administrator;
    passwordAgingState   enabled;
    accountAgingState    enabled;
    passwordLoginSupport enabled;
    interactiveAccess    enabled;
    m2mAccess            disabled;
}
  • No labels