user role import
Import a role description or definition from a file that defines the list of commands a custom role is able to perform. See Appliance Users and Roles in the Administration Guide for more information.
A role definition file is a UNIX-format file containing a list of LunaSH commands that are allowed for the role, for example:
exit
help
scp
hsm init
hsm login
hsm logout
hsm show
my file list
partition create
All lines must end with a UNIX-style linefeed (LF) character. If you create your file in Windows, be sure to convert it to UNIX format before transferring it to an HSM appliance.
When the definition is applied to a named role using the command user role add, that role will have access only to commands that are named in the file.
NOTE The system does not pre-detect the purpose of the file, so it is up to you to name your role definition files usefully, and to recognize them when you import them.
LunaSH role names can be 1-64 characters in length. The following characters are allowed:
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._
No spaces are allowed. Role names cannot start with a dot or dash. Creating a role name that begins with a number is not recommended. As with any secure system, no two roles can have the same name.
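A pre-transfer check for the two format rules above (UNIX line endings in the role definition file, and the role-name character rules), as an added example that is not part of the product documentation. The function names and the sample file content are constructed for illustration, and the script runs on the workstation where the file is prepared, not in LunaSH.

```python
from __future__ import annotations
import re

def check_role_name(name: str) -> list[str]:
    """Return problems with a proposed role name (empty list means it passes)."""
    problems = []
    if not 1 <= len(name) <= 64:
        problems.append("length must be 1-64 characters")
    # Anything left after removing the allowed set is a disallowed character.
    bad = sorted(set(re.sub(r"[A-Za-z0-9._-]", "", name)))
    if bad:
        problems.append("disallowed characters: " + " ".join(repr(c) for c in bad))
    if name[:1] in (".", "-"):
        problems.append("must not start with a dot or dash")
    if name[:1].isdigit():
        problems.append("leading digit is not recommended")
    return problems

def check_role_file(data: bytes) -> list[str]:
    """Return line-ending problems found in a role definition file's raw bytes."""
    problems = []
    for lineno, line in enumerate(data.split(b"\n"), start=1):
        if b"\r" in line:
            problems.append(f"line {lineno}: carriage return found (not UNIX format)")
    if data and not data.endswith(b"\n"):
        problems.append("last line does not end with a linefeed")
    return problems

def to_unix(data: bytes) -> bytes:
    """Convert CRLF or bare CR line endings to LF and ensure a final LF."""
    data = data.replace(b"\r\n", b"\n").replace(b"\r", b"\n")
    return data if not data or data.endswith(b"\n") else data + b"\n"

if __name__ == "__main__":
    # Constructed sample: a role file saved on Windows (CRLF, no final newline).
    sample = b"exit\r\nhelp\r\nhsm show\r\npartition create"
    print(check_role_file(sample))            # problems before conversion
    print(check_role_file(to_unix(sample)))   # empty list after conversion
    for name in ("indigo", "-audit", "key admin", "2ndshift"):
        print(name, check_role_name(name))
```

Read the file in binary mode (`open(path, "rb")`) so the carriage returns are not silently translated before the check sees them.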
Syntax
user role import -file <filename> -role <rolename>
Argument(s) | Shortcut | Description |
---|---|---|
-file <filename> | -f | Name of the file being imported. |
-role <rolename> | -r | The name of the administrative role for which a description file is being imported. |
Example
lunash:>user role import -file rolefile1 -role indigo
"rolefile1" was successfully imported.
Command Result : 0 (Success)