Table 9-1 Elements of the Manage roles command

Element    Description

action

Values: manage-roles

Mandatory: yes

i3-user

See Authenticate to CLI Utility on page 8.

is-encrypted-password

See Authenticate to CLI Utility on page 8.

roles-parametersfile

Values: the parameters file that holds the roles definitions.

Mandatory: Yes

The parameters file contains the definitions for one or more roles. The file structure is as follows:

<root>
     <role>
          Role definition
     </role>
     …additional roles definitions
</root>

Info

When managing only one role, the <role> tag is not required.

<root>
     Role definition
</root>

Required permissions

To activate the roles management command the user must have ADMINISTRATE.EXECUTE permissions for Precise technology.

Roles definitions limitations

A user activating this command can add/edit/delete roles only if the permissions the role contains are in the scope of the user's permissions.

For example, a user who has ADMINISTRATE.VIEW permission on an Oracle instance can create a new role with ADMINISTRATE.VIEW permission on that same instance. However, the user cannot assign ADMINISTRATE.VIEW on another instance or define ADMINISTRATE.EXECUTE on the same instance.

Handling errors

The CLI mechanism always skips to the next role and does not halt the whole operation in case of error. If the CLI fails for a specific role, a message is issued to the screen and the problem is logged in the CLI log file.

Adding a new role

The definition for adding a new role is as follows:

<root>
     <parameter name="action" value="add"/>
     <parameter name="role-name" value="role-name"/>
     <parameter name="role-scope" value="role-scope"/>
     <complex name="permissions">
          <parameter permission-type="permission-type" permission-operation="permission-operation"/>
          …additional permissions definitions
     </complex>
     <complex name="resources" [value="*"]>
          [<parameter [resource-information]/>
          …additional resources definitions]
     </complex>
     [<complex name="nodes" [value="*"]>
          <parameter node-name="node-name"/>
          …additional nodes definitions
     </complex>]
</root>

Table 9-2 Parameter values for Adding a new role

Parameter    Description

action

The action to perform on the defined role.

Value: add.

role-name

Value: The name of the role to be added.

Mandatory: Yes

role-scope

The scope on which the role's permissions are defined.

Value: technology, application, Tier, or instance.

See Table 9-3 on page 111.

Mandatory: Yes

permissions

The permissions to assign to this role.

Info

When a permission is assigned to a role, all the dependencies of this permission are automatically assigned to the role as well (for example, assigning MONITOR.WHAT_IF automatically assigns MONITOR.EXPLAIN as well).

Mandatory: Yes

permission-type

The permission type name to assign to this role, for example: monitor.

Mandatory: Yes

permission-operation

The permission operation name to assign to this role, for example: view.

Mandatory: Yes

resources

The resources the role permissions apply to.

Mandatory: Yes

resource-information

Resource information holds the information of the resource the permission is granted on. This information is derived from the role scope parameter, as shown in Table 9-3 on page 111.

Mandatory: Yes

nodes

This parameter is relevant only to the ‘technology’ role scope. Use this parameter to define technology permissions on specific nodes. If this parameter is not defined, the technology permissions apply on all nodes.

Value: Name of the node

Info

To define permission on all the resources of a specific type and all future resources as well (for example, all instances), do not specify any resource information. Instead, define the resources value attribute as "*". To define permission on all the nodes, do not specify any node name. Instead, define the nodes value attribute as "*".

Mandatory: No
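
A pre-flight check for a roles parameters file, added here as an example and not part of the product or its documentation. Because the CLI skips a failed role and continues, the check reports roles with missing mandatory parameters before the file is submitted, and it flags "*" grants, which also cover future resources and all nodes. The function names, the findings format and the sample roles are constructed for illustration, and comparing role-scope case-insensitively is an assumption.

```python
import xml.etree.ElementTree as ET
SCOPES = {"technology", "application", "tier", "instance"}  # role-scope values from Table 9-2

def check_role(role):
    """Findings for one role definition (a <role> element, or <root> when it holds a single role)."""
    params = {p.get("name"): p.get("value") for p in role.findall("parameter")}
    blocks = {c.get("name"): c for c in role.findall("complex")}
    name, scope = params.get("role-name") or "<unnamed>", (params.get("role-scope") or "").lower()
    if params.get("action") != "add":
        return [(name, "SKIP", "only action=add is checked")]
    out = []
    if name == "<unnamed>":
        out.append((name, "ERROR", "role-name is mandatory"))
    if scope not in SCOPES:
        out.append((name, "ERROR", "role-scope is missing or unknown"))
    perms = blocks.get("permissions")
    grants = perms.findall("parameter") if perms is not None else []
    if not grants or any(not g.get("permission-type") or not g.get("permission-operation") for g in grants):
        out.append((name, "ERROR", "permissions need permission-type and permission-operation"))
    res, nodes = blocks.get("resources"), blocks.get("nodes")
    if res is None or (res.get("value") != "*" and not res.findall("parameter")):
        out.append((name, "ERROR", "resources need resource information or value=*"))
    elif res.get("value") == "*":
        out.append((name, "WARN", "resources=* also covers all future resources"))
    if scope == "technology" and (nodes is None or nodes.get("value") == "*"):
        out.append((name, "WARN", "technology permissions apply on all nodes"))
    return out

def lint_roles(xml_text):
    """Check every role in a parameters file; the <role> wrapper is optional for a single role."""
    root = ET.fromstring(xml_text)
    return [f for role in (root.findall("role") or [root]) for f in check_role(role)]

# Constructed sample: one well-formed role, one missing its name and permissions.
SAMPLE = """<root>
  <role>
    <parameter name="action" value="add"/>
    <parameter name="role-name" value="oracle-viewers"/>
    <parameter name="role-scope" value="instance"/>
    <complex name="permissions"><parameter permission-type="monitor" permission-operation="view"/></complex>
    <complex name="resources" value="*"/>
  </role>
  <role><parameter name="action" value="add"/><parameter name="role-scope" value="technology"/>
    <complex name="resources" value="*"/></role>
</root>"""

if __name__ == "__main__":
    for role, level, msg in lint_roles(SAMPLE):
        print(f"{level:5} {role}: {msg}")
```

ERROR findings mark roles the CLI would be expected to skip; WARN findings mark grants that are broader than a named resource or node list and are worth a second look before the role is created.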

Table 9-3 Role scope parameters

...