Create Custom Rule

1 Introduction

This document describes how to create a custom rule.

The administrator can create custom rules when the predefined rules do not match the needs of the organization authorization policy.

1.1 Prerequisites

This section describes the prerequisites, which must be fulfilled before using the procedure.

The following conditions must apply:

The user has the System Security Administrator role.
The model elements and permission types targeted by the custom rule are known and reflect the wanted authorization policy.
The new custom rule name is known.
An Ericsson Command-Line Interface (ECLI) session in Exec mode is in progress.

To create a custom rule:

Navigate to the LocalAuthorizationMethod Managed Object (MO), for example:
>dn ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,UserManagement=1,LocalAuthorizationMethod=1
Enter Config mode:
(LocalAuthorizationMethod=1)>configure
Create a CustomRule MO, for example:
(config-LocalAuthorizationMethod=1)>CustomRule=Custom_FaultManagement_1
Set the model elements for which the permission is applicable, for example:
(config-CustomRule=Custom_FaultManagement_1)>ruleData="ManagedElement,SystemFunctions,Fm,*"
Set the permissions the rule provides on a target specified by attribute ruleData, for example:
(config-CustomRule=Custom_FaultManagement_1)>permission=R

In this example, the custom rule gives read-only permission to class Fm, its attributes and child MOs.
Describe the policy for the rule, for example:
(config-CustomRule=Custom_FaultManagement_1)>userLabel="R Rule for FM and Child MOs"
Commit the settings:
(config-CustomRule=Custom_FaultManagement_1)>commit

Verify the result:

(CustomRule=Custom_FaultManagement_1)>show

The following is an example output:

CustomRule=Custom_FaultManagement_1
   permission=R
   ruleData="ManagedElement,SystemFunctions,Fm,*"
   userLabel="R Rule for FM and Child MOs"

The custom rule can now be assigned to custom roles, refer to Create Custom Role or Change Custom Role.