Role Based Administration (RBA)
Access to gclish features is controlled by Role Based Administration (RBA). Each user is assigned a role. Each role has a set of read-only features and a set of read-write features. A user is not exposed to any features other than the ones assigned to their role.
RBA configuration and properties for the 61000/41000 Security System are the same as for Gaia. See the Gaia Administration Guide for more details.
Notes:
- Extended commands have no read/write notion. When an extended command is added to a role (either as read or write), it can be executed by the users assigned to this role, regardless of its implications.
- Each extended command should be added to a role separately. Because asg is the "entrance" to the 61000/41000 Security System, it usually needs to be added to all roles.
- A user's uid must be zero to run extended commands. This property is enforced when adding new users.
- Do not edit the /etc/passwd file. Only do RBA configuration with gclish.
Example:
> add rba role myRole domain-type System readonly-features Chassis,interface readwrite-features route
> add user myUser uid 0 homedir /home/myUser
> set user myUser password
> add rba user myUser roles myRole
> show rba role myRole
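
As an added example (not part of the original guide and not Check Point code), this Python audit reads role definitions in the syntax shown above and reports users who hold an extended command through a read-only grant, which the notes say is still executable. It assumes extended commands appear by name in the feature lists; the EXTENDED set, ext_diag, auditRole, auditUser and the sample lines are constructed.

```python
import re

# Extended commands are site-specific; the caller supplies the list (assumption).
# "asg" is named on this page; "ext_diag" is a constructed placeholder.
EXTENDED = {"asg", "ext_diag"}

ROLE_RE = re.compile(
    r"^>?\s*add rba role (?P<role>\S+) domain-type \S+"
    r"(?: readonly-features (?P<ro>\S+))?"
    r"(?: readwrite-features (?P<rw>\S+))?\s*$")
USER_RE = re.compile(r"^>?\s*add rba user (?P<user>\S+) roles (?P<roles>\S+)\s*$")

def parse(config):
    """Return ({role: {"ro": set, "rw": set}}, {user: set of role names})."""
    roles, users = {}, {}
    for line in config.splitlines():
        m = ROLE_RE.match(line.strip())
        if m:
            entry = roles.setdefault(m["role"], {"ro": set(), "rw": set()})
            entry["ro"].update(filter(None, (m["ro"] or "").split(",")))
            entry["rw"].update(filter(None, (m["rw"] or "").split(",")))
            continue
        m = USER_RE.match(line.strip())
        if m:
            users.setdefault(m["user"], set()).update(m["roles"].split(","))
    return roles, users

def audit(config, extended=EXTENDED):
    """List (user, role, command) where an extended command is granted as
    read-only: the user can still execute it, so the label is misleading."""
    roles, users = parse(config)
    findings = []
    for user, assigned in sorted(users.items()):
        for role in sorted(assigned):
            # A user may reference a role that is not defined in this input.
            ro = roles.get(role, {"ro": set()})["ro"]
            findings += [(user, role, cmd) for cmd in sorted(ro & extended)]
    return findings

# Constructed sample input in the syntax of the example above.
SAMPLE = """\
> add rba role myRole domain-type System readonly-features Chassis,interface readwrite-features route
> add rba role auditRole domain-type System readonly-features Chassis,asg,ext_diag
> add rba user myUser roles myRole
> add rba user auditUser roles auditRole,missingRole
"""

if __name__ == "__main__":
    for user, role, cmd in audit(SAMPLE):
        print(f"{user}: role {role} grants executable extended command {cmd} as read-only")
```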