Name
[Windows Manager]
Installation_folder\RCXCTMG\SecurityManagement\bin\ctac_updauthority - Access Authority Modification
[Linux Manager]
/opt/FJSVctsec/bin/ctac_updauthority.sh - Access Authority Modification
Synopsis
[Windows Manager]
ctac_updauthority -f access authority information file ctac_updauthority -r role name -a action ID of modification target -p Allow/deny status of specified operation
[Linux Manager]
ctac_updauthority.sh -f access authority information file ctac_updauthority.sh -r role name -a action ID of modification target -p Allow/deny status of specified operation
Function description
Modifies L-Platform access authority for tenant users and tenant administrators.
Note
Before executing the command, perform one of following procedure to prevent operations be done from L-Platform Management page.
Separate the admin server from the external networks.
Stop following Web servers.
RCXCT-ext
RCXCT-ext2
If not, the authorities of the users will be updated immediately, and the behavior of some operations on the L-Platform Management page may change during its procedure.
Options
Specify the access authority information file. Customize the access authority for access authority information files acquired using the access authority information acquisition command and specify.
Note
Action IDs in access authority information file cannot be omitted.
Specify target role from one of the following two roles:
tenant_admin
tenant_user
Specify the action ID of the modification target.
Default values of the Action IDs versus each Role are defined in the "Table 12.1 Default values of the Action IDs versus each Role".
Action ID | Details | Default Access Setting | |
|---|---|---|---|
Tenant administrator | Tenant user | ||
SystemDesign | L-Platform subscription operation in L-Platform management. The L-Platform subscription menu will display if this operation is allowed. | Yes | Yes |
ResourceDesign | Reconfiguration operation in L-Platform management. The Reconfiguration page can be displayed by clicking the Reconfiguration button on the L-Platform details page if this operation is allowed. | Yes | Yes |
ResourceDelete | Cancel operation in L-Platform management. The Check L-Platform page can be displayed by clicking the Cancel L-Platform button on the L-Platform details page if this operation is allowed. | Yes | Yes |
InstanceStart | Operation for single server startup and batch server power supply startup in L-Platform management. Single or batch startup of servers can be performed if this operation is allowed. | Yes | Yes |
InstanceStop | Operation for single server shutdown or batch server power supply shutdown in L-Platform management. Single or batch shutdown of servers can be performed if this operation is allowed. | Yes | Yes |
ImageExec | Operation to extract virtual server snapshot in L-Platform management. Virtual server snapshots can be extracted if this operation is allowed. | Yes | Yes |
Operation to backup physical servers in L-Platform management. Physical server backups can be extracted if this operation is allowed. | Yes | Yes | |
Operation to extract server images in L-Platform management. Server images can be extracted if this operation is allowed. | Yes | No | |
ImageRestore | Operation to restore virtual server snapshot in L-Platform management. The virtual server snapshot can be restored if this operation is allowed. | Yes | Yes |
Operation to restore physical server backup in L-Platform management. Physical server backup can be restored if this operation is allowed. | Yes | Yes | |
ImageDelete | Operation to delete virtual server snapshot in L-Platform management. The virtual server snapshot can be deleted if this operation is allowed. | Yes | Yes |
Operation to delete physical server backups in L-Platform management. Physical server backups can be deleted if this operation is allowed. | Yes | Yes | |
FirewallDesign | Operation to modify parameter values for the firewall ruleset. Firewall settings can be performed if this operation is allowed. | Yes | Yes |
TimeSeriesAnalysis_EventLogDisplay | Operation to refer event log in the L-Platform Management page. Event Log menu will be displayed if this operation is allowed. | Yes | Yes |
Yes: Default authority "on" and can be updated by command.
No: Default authority "off" and cannot be updated.
Specifies whether the specified operation is allowed or denied.
on: Allowed
off: Denied
Requirements
Infrastructure administrator with OS administrator privilege
Admin server
Example
This is the coding to specify an access authority information file and modify the authority.
> ctac_updauthority -f in.xml
# ctac_updauthority.sh -f in.xml
This is the coding to invalidate L-Platform reconfiguration operations and event log reference operations for tenant users.
> ctac_updauthority -r tenant_user -a ResourceDesign -p off > ctac_updauthority -r tenant_user -a TimeSeriesAnalysis_EventLogDisplay -p off
# ctac_updauthority.sh -r tenant_user -a ResourceDesign -p off # ctac_updauthority.sh -r tenant_user -a TimeSeriesAnalysis_EventLogDisplay -p off
Exit Status
This command returns the following values:
The command executed successfully.
An error has occurred.
