Role Based Administration (RBA)
Description:
Access to gclish features is controlled by Role Based Administration (RBA): each user is assigned a role. Each role has a set of read-only features and a set of read-write features. The user is not exposed to any features other than the ones assigned to his role.
RBA configuration and properties for the 61000/41000 Security System are the same as for Gaia. See the Gaia Administration Guide for more details.
Notes:
- Extended commands have no read/write notion. When an extended command is added to a role (either as read or write), it can be executed by the users assigned to this role, regardless of its implications.
- Each extended command should be added to a role separately. Since the asg command is the "entrance" to the 61000/41000 Security System, it usually needs to be added to all roles.
- To allow a user to run extended commands, the user's uid must be zero. This property is enforced when adding new users.
- The user account information file located at /etc/passwd should not be edited by the user. RBA configuration should be performed only via gclish.
Example:
> add rba role myRole domain-type System readonly-features Chassis,interface readwrite-features route
> add user myUser uid 0 homedir /home/myUser
> set user myUser password
> add rba user myUser roles myRole
> show rba role myRole
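Because the notes above mean that several accounts legitimately carry uid 0, a periodic read-only review of those accounts is useful. The following is an added example, not part of the Check Point documentation: it lists the uid-0 entries of a passwd-format file and flags any that are not on an approved list. The sample entries, the account svc_old and the approved list are constructed for illustration, and the standard seven-field passwd format is assumed.

```shell
#!/bin/sh
# Added example: read-only audit of uid-0 accounts in a passwd-format file.
# Users who run extended commands are created with uid 0, so more than one
# uid-0 account is expected; the audit compares them with an approved list.

# audit_uid0 PASSWD_FILE APPROVED_USER...
# Prints "<status> <user> <shell>" for every uid-0 entry, where status is OK
# (on the approved list) or UNEXPECTED. Returns 1 if any entry is UNEXPECTED.
audit_uid0() {
    passwd_file=$1
    shift
    approved=" $* "
    rc=0
    # passwd fields: name:password:uid:gid:gecos:home:shell
    while IFS=: read -r name _pw uid _gid _gecos _home shell; do
        case $name in ''|'#'*) continue ;; esac      # blank or comment line
        case $uid in ''|*[!0-9]*) continue ;; esac   # malformed uid field
        [ "$uid" -eq 0 ] || continue                 # also matches "00"
        case $approved in
            *" $name "*) status=OK ;;
            *)           status=UNEXPECTED; rc=1 ;;
        esac
        printf '%s %s %s\n' "$status" "$name" "${shell:-<none>}"
    done < "$passwd_file"
    return "$rc"
}

# Constructed sample data (not taken from a real system).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
root:x:0:0:root:/root:/bin/bash
myUser:x:0:0::/home/myUser:/bin/sh
monitor:x:102:100::/home/monitor:/bin/bash
svc_old:x:0:0::/home/svc_old:/bin/bash
EOF

# Approved list for this sample: root plus the RBA user created above.
audit_uid0 "$sample" root myUser || echo "unexpected uid-0 account(s): review"
```

On a live system the first argument would be /etc/passwd, which the script only reads; any change it prompts is still made through gclish.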