...
Code Block |
---|
root@spflow:~# /usr/local/omk/bin/oprbac_admin.exe act=create-object path=root,opflowsp,agent,10.10.1.1,interface,3 read_privileges=CustomerA_read created new object |
Syntax
...
/usr/local/omk/bin/oprbac_admin.exe act=create-object path=root,opflowsp,agent,<IP Address>,interface,<SNMP IF Number> read_privileges=<Privilege Tag>
...
Code Block |
---|
root@spflow:~# /usr/local/omk/bin/oprbac_admin.exe act=update-role name=CustomerA privileges=CustomerA_read updated role. |
Syntax
...
/usr/local/omk/bin/oprbac_admin.exe act=update-role name=<Role Name> privileges=<Privilege Tag>
- Role Name: The role that user is assigned to.
- Privilege Tag: The privilege tag that is associated with the previously defined interface object that the user is allowed to view.
Verification
Log in as the newly configured user and verify only the allowed interfaces are available.
The CLI can also be used to verify access as seen below.
Code Block |
---|
root@spflow:~# /usr/local/omk/bin/oprbac_admin.exe act=list-users verbose=1
Name Description Roles Properties Privileges
CustomerA_NOC CustomerA
root@spflow:~# /usr/local/omk/bin/oprbac_admin.exe act=list-roles verbose=1
Name Description Properties Privileges
CustomerA CustomerA_read
root@spflow:~# /usr/local/omk/bin/oprbac_admin.exe act=list-objects verbose=1
Path Description Create Read Update Delete
root,opflowsp,agent,10.10.1.1,interface,3 N/A CustomerA_read N/A N/A |