Class aaa:Role (CONCRETE)

Class ID:307
Encrypted: false - Exportable: true - Persistent: true
Privileges: [aaa, admin]
SNMP OID: .1.3.6.1.4.1.9.9.719.1.1.27

This MO is used to manage a role that can be assigned to a local user, a remote user, or LDAP groups to control access for a user.


Naming Rules
RN FORMAT: role-[name]

    [1] PREFIX=role- PROPERTY = name




DN FORMAT: 

[0] sys/user-ext/role-[name]

                



Containers Hierarchies
top:Root This class represents the root element in the object hierarchy. All managed objects in the system are descendants of the Root element.
 ├ top:System Provides general information about this system, such as the name, IP address and current time.
    ├ aaa:UserEp
       ├ aaa:Role


Contained Hierarchy
aaa:Role
 ├ fault:Inst An abnormal condition or defect at the component, equipment, or sub-system level which may lead to a failure, as defined in ISO/CD 10303-226.

Inheritance
naming:NamedObject
 ├ policy:Object
    ├ policy:Definition
       ├ aaa:Definition
          ├ aaa:Role

Events
                



Faults
                aaa:Role:roleNotDeployed



Fsms
                



Properties Summary
Defined in: aaa:Role
aaa:ConfigState
          scalar:Enum8
configState  (aaa:Role:configState)
           This property is used to specify the configuration state of this role. This can be ok (if deployable) or not-applied (if not deployable).
string:Basic configStatusMessage  (aaa:Role:configStatusMessage)
           This property is used to specify the reason for not-applying this role
naming:Name
          string:Basic
name  (aaa:Role:name)
           Overrides:aaa:Definition:name | policy:Object:name | naming:NamedObject:name
           NO COMMENTS
aaa:Access
          scalar:Bitmask64
priv  (aaa:Role:priv)
           This property is used to specify the privileges for this role, to restrict user access
Defined in: policy:Definition
naming:Descr
          string:Basic
descr  (policy:Definition:descr)
           NO COMMENTS
policy:InternalId
          scalar:Uint32
intId  (policy:Definition:intId)
           NO COMMENTS
scalar:Uint32 policyLevel  (policy:Definition:policyLevel)
           policyLevel is used internally by generic policy server.
policy:PolicyOwner
          scalar:Enum8
policyOwner  (policy:Definition:policyOwner)
           "local" denotes policy created by local policy client, "policy" denotes a policy created by remote policy server.
Defined in: mo:TopProps
mo:ModificationChildAction
          scalar:Bitmask32
childAction  (mo:TopProps:childAction)
          
reference:Object dn  (mo:TopProps:dn)
           The Distinguished Name (dn) unambiguously identifies an object in the system.
The dn provides a fully qualified path from the top of the object tree, all the way to the object. It is built as a sequence of relative names separated by the "/" character.
For example:
< ... dn = "sys/chassis-5/blade-2/adaptor-1" />
reference:RN rn  (mo:TopProps:rn)
           The Relative Name (rn) uniquely identifies an object within a given context.
Note that a dn is comprised of a sequence of relative names. For example, the context "sys/chassis-1/blade-1/adaptor-1/host-eth-2" can be thought of as the following expression:
dn = <root object>/{rn}/{rn}/{rn}/{rn}/{rn}.
The rn can then be used to identify the object (for instance, "adaptor-1") within the context:
<... rn ="../" />
mo:InstSaclType
          scalar:Bitmask8
sacl  (mo:TopProps:sacl)
           The system acl property for each Managed Object. This property is an 8-bit mask and supports the following values:
a: del
b: mod
c: addchild
d: cascade

By default all Managed Objects have the following permissions
a: del
b: mod
c: addchild
This property is persisted in the db. If this property has the value none, the user has read-only permissions on this object.
mo:ModificationStatus
          scalar:Bitmask32
status  (mo:TopProps:status)
           This property controls the life cycle of a managed object

Properties Detail

childAction

Type: mo:ModificationChildAction
Primitive Type: scalar:Bitmask32
Units: null
Encrypted: false
Access: implicit
Category: TopLevelChildAction
Property Validators:
Comments:
Constants
deleteAll 16384u NO COMMENTS
ignore 4096u NO COMMENTS
deleteNonPresent 8192u NO COMMENTS
DEFAULT 0 This type is used to

configState

Type: aaa:ConfigState
Primitive Type: scalar:Enum8
Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
Property Validators:
Comments:
This property is used to specify the configuration state of this role. This can be ok (if deployable) or not-applied (if not deployable).
Constants
ok 0 Indicates the MO has been deployed successfully
not-applied 1 Indicates failure in deploying the MO
DEFAULT ok(0) Indicates the MO has been deployed successfully

configStatusMessage

Type: string:Basic
Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "510"
Comments:
This property is used to specify the reason for not-applying this role

descr

Type: naming:Descr
Primitive Type: string:Basic
Like: naming:Described:descr
Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
    Range:  min: "0"  max: "256"
        Allowed Chars:
            Regex: [a-zA-Z0-9\[\]!#$%()*+,-./:;@ _{|}~?&]+
Comments:
NO COMMENTS

dn

Type: reference:Object
Units: null
Encrypted: false
Access: implicit
Category: TopLevelDn
Property Validators:
Comments:
The Distinguished Name (dn) unambiguously identifies an object in the system.
The dn provides a fully qualified path from the top of the object tree, all the way to the object. It is built as a sequence of relative names separated by the "/" character.
For example:
< ... dn = "sys/chassis-5/blade-2/adaptor-1" />

intId

Type: policy:InternalId
Primitive Type: scalar:Uint32
Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
Property Validators:
Comments:
NO COMMENTS
Constants
none 0u NO COMMENTS
DEFAULT none(0u) NO COMMENTS

name

Type: naming:Name
Primitive Type: string:Basic
Overrides:aaa:Definition:name  |  policy:Object:name  |  naming:NamedObject:name
Units: null
Encrypted: false
Naming Property -- [NAMING RULES]
Access: naming
Category: TopLevelRegular
Property Validators:
    Range:  min: "1"  max: "16"
        Allowed Chars:
            Regex: [a-zA-Z0-9_.:-]+
Comments:
NO COMMENTS

policyLevel

Type: scalar:Uint32
Units: null
Encrypted: false
Access: implicit
Category: TopLevelRegular
Property Validators:
Comments:
policyLevel is used internally by generic policy server.

policyOwner

Type: policy:PolicyOwner
Primitive Type: scalar:Enum8
Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
Comments:
"local" denotes policy created by local policy client, "policy" denotes a policy created by remote policy server.
Constants
local 0 NO COMMENTS
policy 1 NO COMMENTS
pending-policy 2 NO COMMENTS
DEFAULT local(0) NO COMMENTS

priv

Type: aaa:Access
Primitive Type: scalar:Bitmask64
Units: null
Encrypted: false
Access: admin
Category: TopLevelRegular
Property Validators:
Comments:
This property is used to specify the privileges for this role, to restrict user access
Constants
ext-lan-policy 1024ull NO COMMENTS
pn-maintenance 1048576ull NO COMMENTS
ls-security-policy 1073741824ull NO COMMENTS
pod-security 128ull NO COMMENTS
pn-equipment 131072ull NO COMMENTS
ls-config-policy 134217728ull NO COMMENTS
ls-compute 137438953472ull NO COMMENTS
ext-san-policy 16384ull NO COMMENTS
ls-security 16777216ull NO COMMENTS
aaa 16ull NO COMMENTS
power-mgmt 17179869184ull NO COMMENTS
ext-lan-security 2048ull NO COMMENTS
ls-config 2097152ull NO COMMENTS
ls-server-policy 2147483648ull NO COMMENTS
pod-qos 256ull NO COMMENTS
pn-policy 262144ull NO COMMENTS
ls-storage-policy 268435456ull NO COMMENTS
org-management 274877906944ull NO COMMENTS
admin 2ull NO COMMENTS
ext-san-security 32768ull NO COMMENTS
pod-config 32ull NO COMMENTS
ls-server 33554432ull NO COMMENTS
ext-lan-qos 4096ull NO COMMENTS
ls-storage 4194304ull NO COMMENTS
ls-qos-policy 4294967296ull NO COMMENTS
operations 4ull NO COMMENTS
ext-lan-config 512ull NO COMMENTS
pn-security 524288ull NO COMMENTS
ls-network-policy 536870912ull NO COMMENTS
pod-policy 64ull NO COMMENTS
ext-san-qos 65536ull NO COMMENTS
ls-qos 67108864ull NO COMMENTS
ls-server-oper 68719476736ull NO COMMENTS
ext-san-config 8192ull NO COMMENTS
ls-network 8388608ull NO COMMENTS
ls-ext-access 8589934592ull NO COMMENTS
fault 8ull NO COMMENTS
read-only 1ull NO COMMENTS
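
Added example (not part of the original reference, and not Cisco code): decoding a priv Bitmask64 value into the constant names listed above, validating a role name against the name validator on this page, and building the role's DN, so exported roles can be audited. Reading the class-level "Privileges: [aaa, admin]" line as "these privileges can manage aaa:Role" is an assumption; the sample roles are constructed.

```python
import re

# Privilege names in bit order (bit 0 = read-only), from the priv constants above.
# "?" marks bit 35, for which this page lists no constant.
_NAMES = """read-only admin operations fault aaa pod-config pod-policy pod-security
pod-qos ext-lan-config ext-lan-policy ext-lan-security ext-lan-qos ext-san-config
ext-san-policy ext-san-security ext-san-qos pn-equipment pn-policy pn-security
pn-maintenance ls-config ls-storage ls-network ls-security ls-server ls-qos
ls-config-policy ls-storage-policy ls-network-policy ls-security-policy
ls-server-policy ls-qos-policy ls-ext-access power-mgmt ? ls-server-oper
ls-compute org-management""".split()
PRIV = {n: 1 << i for i, n in enumerate(_NAMES) if n != "?"}
NAME_RE = re.compile(r"[a-zA-Z0-9_.:-]+")   # name validator from this page
ROLE_MGMT = {"aaa", "admin"}                # privileges listed for the aaa:Role class

def decode_priv(mask):
    """Return (known privilege names in bit order, leftover unknown bits)."""
    if not 0 <= mask < 1 << 64:
        raise ValueError("priv must fit in an unsigned 64-bit mask")
    names = [n for n, bit in PRIV.items() if mask & bit]
    return names, mask & ~sum(PRIV.values())

def encode_priv(names):
    """Build a priv mask from privilege names; KeyError on an unknown name."""
    return sum(PRIV[n] for n in set(names))

def role_dn(name):
    """Validate name (1..16 chars, allowed set) and return sys/user-ext/role-[name]."""
    if not (1 <= len(name) <= 16 and NAME_RE.fullmatch(name)):
        raise ValueError(f"invalid role name: {name!r}")
    return f"sys/user-ext/role-{name}"

def audit_role(name, mask):
    """Return (dn, privilege names, findings) for one role."""
    names, unknown = decode_priv(mask)
    findings = []
    if ROLE_MGMT & set(names):
        findings.append("holds aaa/admin: can manage aaa:Role objects (assumption)")
    if unknown:
        findings.append(f"bits not defined on this page: 0x{unknown:x}")
    return role_dn(name), names, findings

if __name__ == "__main__":
    # Constructed sample roles, not taken from any real system.
    for name, mask in [("net-ops", 8388608 | 1), ("helpdesk", 16 | 8 | 1), ("odd", 1 << 35)]:
        print(audit_role(name, mask))
```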

rn

Type: reference:RN
Units: null
Encrypted: false
Access: implicit
Category: TopLevelRn
Property Validators:
Comments:
The Relative Name (rn) uniquely identifies an object within a given context.
Note that a dn is comprised of a sequence of relative names. For example, the context "sys/chassis-1/blade-1/adaptor-1/host-eth-2" can be thought of as the following expression:
dn = <root object>/{rn}/{rn}/{rn}/{rn}/{rn}.
The rn can then be used to identify the object (for instance, "adaptor-1") within the context:
<... rn ="../" />

sacl

Type: mo:InstSaclType
Primitive Type: scalar:Bitmask8
Units: null
Encrypted: false
Access: implicit
Category: TopLevelSacl
Property Validators:
Comments:
The system acl property for each Managed Object. This property is an 8-bit mask and supports the following values:
a: del
b: mod
c: addchild
d: cascade

By default all Managed Objects have the following permissions
a: del
b: mod
c: addchild
This property is persisted in the db. If this property has the value none, the user has read-only permissions on this object.
Constants
none 0 NO COMMENTS
del 1 NO COMMENTS
mod 2 NO COMMENTS
addchild 4 NO COMMENTS
cascade 8 NO COMMENTS
DEFAULT 0 NO COMMENTS

status

Type: mo:ModificationStatus
Primitive Type: scalar:Bitmask32
Units: null
Encrypted: false
Access: implicit
Category: TopLevelStatus
Property Validators:
Comments:
This property controls the life cycle of a managed object
Constants
removed 16u In a setter method: specifies that an object should be removed.
In the return value of a setter method: indicates that an object has been removed.
created 2u In a setter method: specifies that an object should be created. An error is returned if the object already exists.
In the return value of a setter method: indicates that an object has been created.
modified 4u In a setter method: specifies that an object should be modified.
In the return value of a setter method: indicates that an object has been modified.
deleted 8u In a setter method: specifies that an object should be deleted.
In the return value of a setter method: indicates that an object has been deleted.
DEFAULT 0 This type controls the life cycle of objects passed in the XML API.

When used in a setter method (such as configConfMo), the ModificationStatus specifies whether an object should be created, modified, deleted or removed.
In the return value of a setter method, the ModificationStatus indicates the actual operation that was performed. For example, the ModificationStatus is set to "created" if the object was created. The ModificationStatus is not set if the object was not created, modified, deleted or removed.

When invoking a setter method, the ModificationStatus is optional:
If a setter method such as configConfMo is invoked and the ModificationStatus is not set, the system automatically determines if the object should be created or modified.