Zia - Mmi System Authority Handling

8/3/2019 Zia - Mmi System Authority Handling

http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 1/84

IA - MMI System Authority

Handling

dn9815537Issue 21-0 en

# Nokia CorporationNokia Proprietary and Confidential

1 (84)

2003353

Nokia BSC/TCSM S11.5 ProductDocumentation



The information in this documentation is subject to change without notice and describes only theproduct defined in the introduction of this documentation. This documentation is intended for theuse of Nokia's customers only for the purposes of the agreement under which the documentationis submitted, and no part of it may be reproduced or transmitted in any form or means without theprior written permission of Nokia. The documentation has been prepared to be used byprofessional and properly trained personnel, and the customer assumes full responsibility whenusing it. Nokia welcomes customer comments as part of the process of continuous developmentand improvement of the documentation.

The information or statements given in this documentation concerning the suitability, capacity, or performance of the mentioned hardware or software products cannot be considered binding butshall be defined in the agreement made between Nokia and the customer. However, Nokia hasmade all reasonable efforts to ensure that the instructions contained in the documentation areadequate and free of material errors and omissions. Nokia will, if necessary, explain issueswhich may not be covered by the documentation.

Nokia's liability for any errors in the documentation is limited to the documentary correction of errors. NOKIA WILL NOT BE RESPONSIBLE IN ANY EVENT FOR ERRORS IN THISDOCUMENTATION OR FOR ANY DAMAGES, INCIDENTAL OR CONSEQUENTIAL(INCLUDING MONETARY LOSSES), that might arise from the use of this documentation or the

information in it.

This documentation and the product it describes are considered protected by copyrightaccording to the applicable laws.

NOKIA logo is a registered trademark of Nokia Corporation.

Other product names mentioned in this documentation may be trademarks of their respectivecompanies, and they are mentioned for identification purposes only.

Copyright © Nokia Corporation 2005. All rights reserved.

2 (84) # Nokia CorporationNokia Proprietary and Confidential


IA - MMI System Authority Handling



Contents

Contents 3

List of tables 5

List of figures 6

Summary of changes 7

IA: MMI SYSTEM AUTHORITY HANDLING 9

1 IAA: CREATE OR MODIFY PROFILE 11

2 IAR: DELETE PROFILE 19

3 IAH: CREATE USER ID 23

4 IAD: DELETE USER ID 27

5 IAE: ATTACH PROFILE TO USER ID OR TERMINAL 29

6 IAG: CHANGE OWN PASSWORD 33

7 IAS: CHANGE PASSWORD OF OTHER USER ID 37

8 IAF: CHANGE SERVICE TERMINAL PASSWORD 41

9 IAQ: RESET LOGIN DELAYS 43

10 IAX: MODIFY MML SESSION IDLE TIME LIMIT 45

11 IAK: CHANGE ENCRYPTION METHOD 47

12 IAM: CHANGE COMMAND DEFINITIONS 51

13 IAI: INTERROGATE USER IDs, TERMINALS AND PROFILES 55

14 IAT: INTERROGATE COMMAND DEFINITIONS 63

15 IAL: INTERROGATE ALLOWED COMMANDS 65

16 IAB: BLOCK/UNBLOCK COMMAND 67

17 IAO: INTERROGATE BLOCKED COMMANDS 71

18 IAJ: CONFIGURE DIRECTORY CLIENT 73

19 IAU: REFRESH DIRECTORY CLIENT CONFIGURATION DATA 77



3 (84)

Contents



20 IAV: INTERROGATE DIRECTORY CLIENT CONFIGURATION DATA 79

21 IAN: CONFIGURE CENTRALISED USER AUTHENTICATION ANDAUTHORIZATION 83






List of tables



5 (84)

List of tables



List of figures






Summary of changes

Summary of changes

Changes between document issues are cumulative. Therefore, the latest document

issue contains all changes made to previous issues.

Changes made between issues 21 20

IAA CREATE OR MODIFY PROFILE

New parameters MINVTIME and PPOLICY have been added to the command.

IAI INTERROGATE USER IDs, TERMINALS AND PROFILES

The fields MINIMUM PASSWORD VALIDITY TIME and PASSWORD

POLICY NAME have been added to the execution printout.

Changes made between issues 20 1 and 20

IAS CHANGE PASSWORD OF OTHER USER ID

This command is no longer optional.

Changes made between issues 20 19

The text in the document has been edited according to the latest standards of

documentation.

IAF CHANGE SERVICE TERMINAL PASSWORD

New command.

IAQ RESET LOGIN DELAYS

New command.



7 (84)

Summary of changes








IA: MMI SYSTEM AUTHORITY HANDLING

Use the commands of this command group to output, modify, and remove MMIsystem authorities, user identities, and profiles. The commands can also be used

to change passwords, the encryption method, and the idle time limits related to

the MML session.

This command group is connected to, for example, the IO (Network User

Authority Data Handling) command group. If you are deleting a user identity by

using the IAD command and the deletion of a network user fails, you can use the

commands of the IO command group to delete the user.

Menu of the command group

M M I S Y S T E M A U T H O R I T Y H A N D L I N G C O M M A N D S

? . .. .. D I SP LA Y M EN U

A : . . .. . C R EA T E O R M O DI F Y P R O F I LE

R : . . .. . D E LE T E P R OF I LE

H : . .. .. C RE AT E U SE R I D

D : . .. .. D EL ET E U SE R I D

E : . .. .. A TT AC H P RO FI LE T O U SE R I D O R T ER MI NA L

G ; . . .. . C H AN G E O W N P A S S W OR D

S : . .. .. C HA NG E P AS SW OR D O F O TH ER U SE R I D

F ; . . .. . C H AN G E S E RV I CE T E RM I NA L P A SS W OR D

Q ; . . .. . R E SE T L O GI N D E LA Y S

X : . . .. . M O DI F Y M M L S E S SI O N I D L E T I ME L I MI T

K : . . .. . C H AN G E E N CR Y PT I ON M E TH O D

M : . . .. . C H AN G E C O MM A ND D E FI N IT I O NSI : . . .. . I N TE R RO G AT E U S ER I D S, T E RM I N AL S A N D P R OF I LE S

T : . . . . . I N T E R R O G A TE C O M M A ND D E F I N I TI O N S

L ; . . .. . I N TE R RO G AT E A L LO W ED C O MM A N DS

B : . . . . . B L O C K / U N B LO C K C O M M A ND

O : . . .. . I N TE R RO G AT E B L OC K ED C O MM A N DS

N : . . . . . C O N F I G U R E C E N T R A L I Z ED U S E R A U T H E N T I C A T IO N A N D A U T H O RI Z A T I ON

Z ; . .. .. R ET UR N T O M AI N L EV E L


The commands in this command group are:

IAA CREATE OR MODIFY PROFILE

IAR DELETE PROFILE

IAH CREATE USER ID

IAD DELETE USER ID



9 (84)




IAE ATTACH PROFILE TO USER ID OR TERMINAL

IAG CHANGE OWN PASSWORD

IAS CHANGE PASSWORD OF OTHER USER ID

IAF CHANGE SERVICE TERMINAL PASSWORD

IAQ RESET LOGIN DELAYS

IAX MODIFY MML SESSION IDLE TIME LIMIT

IAK CHANGE ENCRYPTION METHOD

IAM CHANGE COMMAND DEFINITIONS

IAI INTERROGATE USER IDS, TERMINALS AND

PROFILES

IAT INTERROGATE COMMAND DEFINITIONS

IAL INTERROGATE ALLOWED COMMANDS

IAB BLOCK/UNBLOCK COMMAND

IAO INTERROGATE BLOCKED COMMANDS

IAJ CONFIGURE DIRECTORY CLIENT

IAU REFRESH DIRECTORY CLIENT CONFIGURATION

DATA

IAV INTERROGATE DIRECTORY CLIENT

CONFIGURATION DATA

IAN CONFIGURE CENTRALIZED USER AUTHENTICATION

AND AUTHORIZATION






1 IAA: CREATE OR MODIFY PROFILE

Function

Use this command to create a new profile or modify an existing profile. Be very

careful when modifying your own ID or terminal.

Parameters

profile:

base profile ,command class, authority :

parallel password, password validity time, minimum password validity time, mml

command log accessibility , unique, password policy name:

MML Session idle time limit;

Syntax

I AA : < pr of il e> : [ B A S EP = < ba se p ro fi le > |

[ [ < co mm an d c la ss > = A LL d ef ] = [ < au th or it y> | 1 d ef ] ] . .. ] . .. :

[ P ARAPW = [ Y ES d ef | NO ] ,

V TI ME = [ | F OR EV ER | 1 00 d ef ] ,

V MI NT IM E = [ < m i ni mu m p as sw o rd v a li di t y t i m e> | 0 d ef ] ,

A CC ES S = [C OM | M ED | L IM d ef ] ,

UNIQUE = [ Y ES | N O d ef ] ] ... ,

P WP OL IC Y = [ ] :

[T L I M I T = < M M L _ s es s i o n _i d l e _ ti m e _ l im i t > | 15 d e f ] ;

Parameter explanations

Profile This parameter defines the name of the profile you want to

create or edit.

The maximum length of the profile name is 10 characters.

The first character is always a letter and the remaining

characters are either letters or numbers. The parameter value

ALL is not allowed.

This parameter is obligatory.



11 (84)

IAA: CREATE OR MODIFY PROFILE



Base profile A profile whose contents you want to create form the basis of

the new profile.

The contents of the base profile are copied and form the basis

of a new profile. If required, other new values are specified in

the parameters and added to the base. The name of the base

profile must be identical to an existing profile attached to the

system.

Command class The letter (A to Y) for the command class of the profile whose

authority value you want to change.

By entering the parameter value ALL, the authority values for

all command classes can be changed simultaneously. If ALL

is entered, individual command classes cannot be entered in

the same command.

Authority This parameter defines the command class -specific authority

value for the profile.

The authority value can range from 1 to 251, where the value

251 is a special authority. The default value is 1. If the special

authority value 251 has been defined for the command class

of the user profile, the user identity which uses the profile is

allowed to execute the commands of this command class from

all terminals, regardless of the authority requirements of the

terminal itself.

If the special authority value 251 has been defined for the

command class of the terminal profile, all user identities are

allowed to execute commands in this command class from the

terminal using the profile, regardless of the authority

requirements of the user identity's own profile.

Parallel password

Use this parameter to define whether the users attached to the

profile have separate passwords for remote connections, used

to access the network elements of the older system level.

PARAPW Parallel password

Specify one of the following values for the parameter:

YES Parallel passwords are used.

NO Parallel passwords are not used.






To guarantee information security, it is advisable to specify

the value YES for the parameter.

The default value is YES. If you do not specify this parameter

when creating a new profile, the program gives the parameter

the value YES as a default value. When modifying an old

profile, the parameter value remains the default value.

Password validity time

This parameter defines the latest time for changing the

password. The password validity time is between 0 and 250

days, or 'FOREVER'. The value 0 means that the password

must be changed after each login. If the password is given the

value 'FOREVER', the password is valid indefinitely.

The default value is 100. If a new profile is not given whilethe parameter is being created, the parameter validity time is

100 by default. When an old profile is changed, the value of

the parameter remains unchanged.

If you wish to shorten the password validity time of an

existing profile, the program checks if any of the password

validity times for the user identities attached to the profile are

longer than the new profile-specific password validity time. If

longer password validity times are found, the profile-specific

password validity time is also defined for the password

validity times for the user identities.

minimum password validity time

With the parameter MINVTIME, the operator can define the

minimum password validity time, that is, the time that has to

pass from changing the password before it can be changed

again. The possible values are 0-250 days. The value 0 means

that the user can change the password right after the previous

change. The value cannot be higher than the value of the

parameter VTIME. This is an optional parameter.

MML command log accessibilityUse this parameter to define what information the profile user

is allowed to output from the command log.

ACCESS MML command log accessibility




13 (84)




COM Complete accessibility

Profile users are allowed to output the

complete contents of the command log.

MED Medium accessibility


information from the MML command log

on all commands executed by them and

on the public commands executed by

other users (visibility = public).

LIM Limited accessibility


information from the MML command log

on all commands executed by them. This

is the default value.

If you do not enter this parameter while creating a new

profile, the MML command log accessibility is LIM by

default. When you are modifying an old profile, the MML

command log accessibility remains unchanged by default.

Unique This parameter defines whether a profile is a one-user profile

or a normal profile.

UNIQUE Unique


YES Only one user identity or terminal can be

attached to the profile.

NO The number of profile users is unlimited.

This is the default value.

The parameter does not affect the modification of an existing

profile. An existing one-user profile cannot be changed to a

normal profile. Nor can a normal profile be changed to a one-

user profile after it has been created. If the parameter is not

entered, the default value is NO.






password policy With the parameter PWPOLICY, the operator can define the

password policy that is used with this profile. The possible

values are the names of existig password policies. If the value

is not given, no password policy is used with this profile. This

parameter has a dynamic guidance output. Only the name of

an existing password policy is allowed. If there is no

password policy configured in the network element, guidance

text No password policies available is displayed in the

guidance output. This is an optional parameter.

MML-session idle time limit

TLIMIT Use this parameter to change the time

supervision value of the MML session.

The time supervision value can range

from 1 to 60 minutes. Time supervisionhas an immediate effect on the user's own

session, and after re-login it also affects

the sessions of other users belonging to

the same profile.

Examples

1. Create a new profile called CHIPNDALE with default values.

IAA:CHIPNDALE;

2. Create a new profile called MANAGER. The contents of the profile are thesame as the contents of the existing profile GOOFY. The command classes

A and I, and the password validity time are exceptions. Their authority

values are changed as follows: A=150, I=50, and VTIME=30.

IAA:MANAGER:BASEP=GOOFY,A=150,I=50:VTIME=30;

3. Create a new one-user profile called SUPERVISOR. This new profile is

based on the existing profile GOOFY. The new profile has complete MML

command log accessibility.

IAA:SUPERVISOR:BASEP=GOOFY:UNIQUE=YES,ACCESS=COM;

4. To create a new profile called PPOLICY, give the command below. First check if the password policy called POLICY exists by using the IVI MML

command or create it by using the IVK MML command. This new profile

is based on the existing profile GOOFY. The password validity time,

minimum password validity time, and password policy are exeptions. Their

authority values are changed as follows: VTIME=100, MINVTIME=50,

and PWPOLICY=POLICY.

IAA:PPOLICY:GOOFY:VTIME=100,MINVTIME=50,



15 (84)




PWPOLICY=POLICY;

Additional information

In example 2, the profile identity GOOFY is an already existing profile. However,the profile identity MANAGER is new, so a profile with this name cannot exist in

the system. The command creates a new user identity, MANAGER, whose

contents are identical to the profile GOOFY, with the exception of the password

validity time, the authority values for command classes A and I, and the MML

command log accessibility. The command does not affect the contents of the

profile GOOFY in any way.

In the first example, the profile CHIPNDALE is given the following default

values:

P R O F I LE N A M E : C H I P N D A L EC O M M A ND C L A S S A U T H O RI T I E S :

A=1 B= 1 C=1 D=1 E= 1 F=1 G=1 H=1 I=1 J=1

K=1 L= 1 M=1 N=1 O= 1 P=1 Q=1 R=1 S=1 T=1

U=1 V= 1 W=1 X=1 Y= 1

P A R A L LE L P A S S W O RD E X I S T E NC E : Y E S

P A SS W OR D V A L ID I TY T I ME : 1 0 0 D A Y (S )

M I NI M UM P A SS W OR D V A LI D IT Y T I ME : 5 0 D A Y (S )

M M L C O MM A N D L O G A C C ES S IB I L IT Y : L I MI T ED

U N IQ U E P R O FI L E: N O

M M L S E S S I ON I D LE T I ME L I MI T : 1 5 M I N (S )

P A SS W OR D P O L IC Y N A M E: P P OL I CY

P RO FI LE I S U SE D B Y:

C O M M A ND E X E C U TE D

When an existing profile is being modified, the MML program asks for

verification before it saves the changes.

Every user id used by the Nokia network management system, Nokia NetAct,

must be created with its own unique profile. This ensures that the user identities

required by Nokia NetAct can be managed from the network management system

without problems.

Execution printouts

Normally, when a new profile is created, no execution printout is output.






When an existing profile is being modified, the MML program asks for

verification before command execution.

If you give the command

IAA:CHIPNDALE:A=200,U=150;

and the profile already exists, the printout generated by the command is as

follows:

E X E C U TI O N S T A R T ED

Y O U A R E M O DI F YI N G E X IS T IN G P R O FI L E: C H IP N D AL E

C O NF I RM C O MM A ND E X EC U TI O N: Y / N ? Y


If modifying a profile causes the authorities for the session in question to become

so low that you cannot modify any user identity's authorities, the program gives a

warning and asks for confirmation of the command execution.

The printout generated by the command

IAA:PROFILE:I=50;

is given below. The command is entered from a terminal whose profile is

PROFILE.


/ * T H IS M O DI F IC A TI O N W I LL P R EV E NT Y O U F R OM M A KI N G

F UR TH ER AU TH ORI TY C HAN GE S F RO M T HI S T ER MI NA L * /

Y O U A R E M O DI F YI N G E X IS T IN G P R O FI L E: P R OF I L E



A similar message about the user id is given if you change the I-class authorities

of your own profile so that they are so low that you can no longer modify them.



17 (84)




Semantic error messages

/ * ** S E MA N TI C E R RO R * * * /

/ * ** P A RA M ET E R V A L U E A L L I S N O T A L L O W ED * * */

ALL is not allowed as a profile name.

The system may also output a general semantic error message.

Execution error messages

/ * ** B A SE P R OF I L E N O T F O U ND * * */

The name of the base profile could not be found in the system. You can output the

names of the existing base profiles by using the IAI command.

/ * ** M M I R E C O R D E R R O R * * * /

The contents of the record are incorrect. Check the alarms.

/ ** * N O R OO M F OR M OR E P RO FI L ES * * */

There is no more room for new profiles in the system. You can remove the

unnecessary old profiles by using the IAR command.

/ * ** N O P A SS W OR D P O LI C Y A V AI L A BL E * * * /

The password policy could not be found in the system. You can output the

existing password policies by using the IVI command.

In some cases, alarm 2427 (MMI SYSTEM FILE ERROR) is also set. This

alarm indicates the reason for the file error more specifically.

The system may also output a general MML execution error message.






2 IAR: DELETE PROFILE

Function

Use this command to delete a profile.

Parameters

profile;

Syntax

I AR : < pr of il e> ;


profile The profile you want to delete from the MMI system.

The maximum length of the profile name is 10 characters.

The first character is always a letter and the remainingcharacters are either letters or numbers.

The parameter is obligatory.

Examples

1. Delete the profile JANITOR.

IAR:JANITOR;


The MML program asks for verification before deleting an existing profile. A

profile can be deleted only if it has not been attached to any user identity or

terminal.

Execution printouts

No execution printout is output when a profile is deleted.



19 (84)

IAR: DELETE PROFILE



The program always asks for verification before command execution.


IAR:CHIPNDALE;

is as follows:

E X E C U TI O N S T A R T E D

Y O U A R E D E LE T IN G P R O FI L E: C H IP N D AL E

C O NF I RM C O M MA N D E X EC U TI O N: Y / N ? Y

P R O F I LE D E L E T ED



If an error occurs, the system outputs a general MML semantic error message.


/ * ** E R RO R W H IL E D E LE T IN G * * */

The deletion of the profile has failed. Check the alarms. If there are no alarms,

give the command again.

/ * ** F I LE U P DA T I NG E R RO R * * */

The update of the modifications in the disk file has failed. Update the profile file

using the commands of the DE command group.

/ ** * P RO FI LE CA NN OT BE DE LE TE D * ** /

/ * ** P R OF I LE H A S B E E N A T T AC H ED T O : * * */

The profile has already been attached to at least one user identity or terminal. You

can delete the profile only if it has not been attached to any user identity or

terminal.

/ * ** P R OF I LE N O T D E LE T E D * * * /

The user has cancelled the profile deletion. Check the existing profiles using the

IAI command.






/ * ** P R OF I LE N O T F O U N D * * */

The specified profile could not be found in the system.




21 (84)

IAR: DELETE PROFILE








3 IAH: CREATE USER ID

Function

Use this command to create a new user identity and attach a profile to it. You can

create the profile using the IAA command.

Parameters

user id:

profile;

Syntax

I AH : < us er i d> : < pr of il e> ;


user id This parameter is used to identify a new user id.

The maximum length of the parameter value is six characters.

The first character is always a letter and the remaining

characters are either letters or numbers.


profile This parameter defines a profile for the user id.

The maximum length of the parameter is 10 characters. The

first character is always a letter and the remaining charactersare either letters or numbers. The profile must already exist in

the exchange.


Examples

1. Create the user identity BANANA and define JANITOR as its profile.



23 (84)

IAH: CREATE USER ID



IAH:BANANA:JANITOR;


The user identity cannot exist in the exchange. After enter the command, the

MML program asks for the password of the user identity you want to create and

its verification. The profile (JANITOR in the example) must exist in the exchange

before it can be attached to a user identity.



required by the Nokia NetAct can be managed from the network management

system without problems.

If the password policy feature is on and the given password is not compliant with

the password policy, the following execution error message appears.

/ * ** P A SS W OR D N O T C O MP L IA N T W I TH P O LI C Y * * */

If the password policy feature is on and the given password is found in the

password policy history list or the minimum password validity time has not

elapsed, the following execution error message appears.

/ * ** P A SS W OR D H I ST O RY C H EC K I NG F A IL E D * * */

Execution printouts


IAH:ALFRED:JANITOR;

is as follows:


/ * I D E N T IF Y P A S S W O RD :

M I NI M UM P A SS W OR D L E NG T H I S 6

M A XI M UM P A SS W OR D L E NG T H I S 1 6 * /

N E W P A S S W OR D : * * * * * ** * *

V E R I F IC A T I O N: * * * * * ** * *

/ * I D E NT I FY P A SS W O RD F O R O L DE R S Y S TE M L E VE L S:







M A X IM U M P A SS W OR D L E NG T H I S 1 5 * /

N E W P A S S W OR D :

VERIFICATION:


If the users attached to the profile do not have parallel passwords, the second

inquiry and verification of the password are not output.


/ ** * U SE R I D T OO S HO RT * ** /

The user identity must contain six characters. Enter a longer user id.

The system may also output a general semantic error message.


/ * ** T O O S H OR T P A SS W OR D * * */

/ ** * U SE R I D N OT C RE AT ED * ** /

The minimum length of the password is six characters. Check the length of the

password.

/ * ** T O O L O N G P A SS W OR D * * *// ** * U SE R I D N OT C RE AT ED * ** /

The maximum length of the password in the new system levels is 16 characters,

and in the old system levels it is 15 characters.

/ * ** M M I R E C O R D E R R O R * * * /


/ * ** P A SS W OR D C O NT A IN S I N VA L ID C H AR A CT E RS * * * /

/ ** * U SE R I D N OT C RE AT ED * ** /

The given password contains forbidden characters. A password may contain

capital letters, numbers, and most of the other graphic characters. The allowed

characters include ASCII code characters between HEX 21 and HEX 7E.

/ ** * P AS SW OR D I S S AM E A S U SE R I D;

P L EA S E C H OO S E A N O TH E R S T RI N G * * */



25 (84)

IAH: CREATE USER ID



The password must not be identical to the user identity. Choose another

password.

/ * ** P A SS W OR D F O R O L DE R S Y ST E M L E VE L S

I S S AM E A S N EW T YP E P AS SW OR D * ** /

/ * ** P L EA S E C H OO S E A N OT H ER S T R IN G * * * /

The passwords for old and new system levels must not be identical. Choose

another password.

/ * ** P A SS W OR D V E RI F IC A TI O N E R R OR * * */

/ ** * U SE R I D N OT C RE AT E D * ** /

A typing error was made in the verification of the password.

/*** PROFILE IS A UNIQU E PRO FI LE ***/

/ ** * O NL Y O NE U S ER C AN B E A T TA CH E D T O T HI S P RO FI LE * ** /

The profile has been defined as a one-user profile. The profile has already been

attached to a user id or a terminal. Thus, it cannot be attached to other user

identities or terminals.



The user profile does not exist. Use the IAI command to check the existing user

profiles and the IAA command to create a new user profile.

/ * ** S Y ST E M E R RO R * * */

There is an error in the file. Check the alarms.

/ * ** U S ER I D A L R EA D Y E X I S T S * * * /


The user id already exists.


/ ** * N O M OR E R OO M F OR N EW U S ER I D S * * * /

There is no more room for new user identities in the system. Use the IAD

command to delete the unnecessary user identities.






4 IAD: DELETE USER ID

Function

Use this command to delete a user identity from the MMI system. To check the

existing user profiles, use the IAI command.

Parameters

user id;

Syntax

I A D : < us e r i d > ;


user id This parameter specifies the user identity you want to delete.

The length of the user id is six characters.


Examples

1. Delete the user identity LMERIC from the system.

IAD: LMERIC;


Before deleting a user identity, the MML program asks for verification from theuser. The user's own user identity in an active session must not be deleted. When

a user identity is deleted, network user authorities and user-specific limitations, if

any, are also deleted.

Execution printouts

When a user identity is being deleted, no execution printout is output.

The program always asks for verification before command execution.



27 (84)

IAD: DELETE USER ID




IAD:LMERIC;

is as follows:


Y O U A R E D E LE T IN G U S E R I D : L M E RI C


U S ER I D D E LE T ED



/ ** * U SE R I D T OO S HO RT * ** /

The user identity must contain six characters. Check the length of the user id.

The system may also output a general MML semantic error message.


/ * ** E R RO R W H IL E D E LE T IN G * * */

The deletion of the user identity has failed. Give the command again.


The update of the modifications in the disk file has failed. Update the password

file using the commands of the DE command group.

/ ** * O WN U SE R I D C AN NO T B E D EL ET E D * ** /

You tried to delete your own user id. It is not possible to delete one's own user id.

/ ** * U SE R I D N OT F OU ND * ** /

The given user identity was not found in the system. To check the existing user

identities, use the IAI command.







5 IAE: ATTACH PROFILE TO USER ID OR

TERMINAL

Function

Use this command to change the profile of a user identity or a terminal.

Parameters

execution parameter:

profile;

Syntax

I AE : ( U S ER ID = < us er i d> | T ER M IN AL = < MM L t e r mi na l> ) : < pr of il e> ;


user id The parameter can have the following value:

USERID User identity

The user id whose profile you want to change.

The length of the user identity is six characters. The first

character is always a letter and the remaining characters are

either letters or numbers. The user identity must exist in the

system.

MML terminal The parameter can have the following values:

TERMINAL Terminal identity

Use this parameter to define the terminal whose profile you

want to change. To define the terminal identity, give the

parameter one of the following values:



29 (84)

IAE: ATTACH PROFILE TO USER ID OR TERMINAL



CAL Command calendar

VTP Virtual terminal

profile The profile you want to attach to the user identity or the

terminal. The name must be a profile created in the system.


Examples

1. Attach the profile CHIPNDALE to the user identity BATMAN.

IAE:USERID=BATMAN:CHIPNDALE;


Before giving the command, you must define the user identity, the terminal, and

the profile.

In command example 1, the profile used by the user identity BATMAN is

replaced by the profile CHIPNDALE. At the next login to the exchange, the user

identity BATMAN uses the authority data on the profile CHIPNDALE.



required by the Nokia NetAct can be managed from the network management system without problems.

Execution printouts

Normally, when a profile for a user id or a terminal is changed, no command

execution printout is output.

If changing the profile causes the authorities for the session in question to become

so low that you cannot modify any authorities, the program gives a warning and

asks for confirmation.


IAE:TERMINAL=VDU0:LOWTERMPRO;

is given below. The command is entered from the terminal and the authorities for

the new profile in class I are low.







/ * T H IS M O DI F IC A TI O N W I LL P R EV E NT Y O U F R OM M A KI N G

F UR TH ER AU TH ORI TY C HAN GE S F RO M T HI S T ER MI NA L * /



A similar message concerning the user identity is given if you change your own

profile to one in which the I-class authorities are so low that no further changes

can be made.




/ * ** M M I R E C O R D E R R O R * * * /


/*** PROFILE IS A UNIQUE PRO FILE ***/

/ ** * O NL Y O NE U SE R C AN B E A T TA CH E D T O T HI S P RO FI LE * * */

The profile has been defined as a profile for one user only. It has already been

attached to a user identity or a terminal and cannot be attached to other identities

or terminals.


The given profile was not found in the system. Use the IAI command to check

the existing user profiles or the IAA command to create a new user profile.

/ * ** S Y ST E M E R RO R * * */


/ * ** T E RM I NA L D O ES N O T E X I S T * * */

The given terminal identifier was not found in the terminal data file. To check the

alarms, give the IAI command.

/ ** * U SE R I D N OT F OU ND * ** /

The given user identity was not found in the system. To check the existing user

identities, give the IAI command.



31 (84)

IAE: ATTACH PROFILE TO USER ID OR TERMINAL









6 IAG: CHANGE OWN PASSWORD

Function

Use this command to change your own password.

Parameters

password type;

Syntax

I AG : [ | N E WP WT d ef ];


password type You can use this parameter to define whether you want to

change a new system level password or a password which is

used for remote connections to access the system levels which

do not support the feature using the new encryption method.

You can give the parameter one of the following values:

OLDPWT The password used for remote

connections to access the old system

levels is changed.

NEWPWT The password that can be used for the new

system levels is changed. This is the

default value.

If the user has been attached to a profile which determines

that the user can have only one password, the value

OLDPWT is not output in any parameter guides.



33 (84)

IAG: CHANGE OWN PASSWORD



Examples

1. Change your own password.

IAG;

2. Change the password for remote connections to access the older system

levels.

IAG:OLDPWT;


First, the program asks you to enter the old password. Then it asks for the new

password and its verification. The password cannot be identical to your own user

id.






elapsed, the following execution error message is displayed.


Execution printouts


IAG;

is given below. The passwords are output on the terminal as the character defined

in the parameter file (the default value is *).


O L D P A S S W OR D : * * * * * *

/ * I D E NT I FY N E W P A SS W OR D :



N E W P A S S W OR D : * * * * * ** *

V E R I F IC A T I O N: * * * * * ** *







The execution printout generated by the command

IAG:OLDPWT;

is given below. The passwords are not repeated on the terminal.


O L D P A S S W OR D :

/ * I D EN T IF Y N E W P A SS W OR D :

M I N IM U M P A SS W OR D L E NG T H I S 6



VERIFICATION:





/ * ** C U RR E NT M M L- S ES S IO N P A SS W OR D C H AN G E F A IL E D * * */

The changing of the password in the MMIMAN in the MML session concerned

has failed. Start a new MML session. The new password is valid in the new MML

session.


The minimum length of a password is six characters. Check the length of the

password.

/ * ** T O O L O N G P A SS W OR D * * */

The maximum length of a password for the new system levels is 16 characters,

and 15 characters for the older system levels. Check the length of the password.

/ * ** M M I R E C O R D E R R O R * * * /




35 (84)

IAG: CHANGE OWN PASSWORD



/ * ** O L D P A SS W OR D V E RI F IC A TI O N E R RO R * * */

The given password is not identical to the one the session was started with.

/ * ** P A SS W OR D C O NT A IN S I N VA L ID C H AR A CT E R S * * */

The given password contains forbidden characters. The password may contain




P L E AS E C H OO S E A N OT H ER S T RI N G * * */


password.

/ * ** P A SS W OR D F O R O L DE R S Y ST E M L E VE L S

I S S AM E A S N EW T YP E P AS SW OR D * ** /

/ * ** P L EA S E C H OO S E A N OT H ER S T R IN G * * * /

The passwords meant for the new and old system levels must not be identical.

Choose another password.


A typing error was made in the verification of the password.

In addition, the system may also output a general MML execution error message.






7 IAS: CHANGE PASSWORD OF OTHER

USER ID

Function

Use this command to change the passwords of other user identities in the MMI

system.

Parameters

user id:

password type;

Syntax

I AS : < us er i d> : [ | N EW PW T d ef ] ;


user id The user identity whose password you want to change. The

length of the user id is six characters.


password type You can use this parameter to define whether you want to

change a new system level password or a password that is

used for remote connections to access the system levels that

do not support the feature using the new encryption method.


OLDPWT The password used for remote

connections to access the old system

levels is changed.

NEWPWT The password for the new system levels is

changed. This is the default value.



37 (84)

IAS: CHANGE PASSWORD OF OTHER USER ID



If the user has been attached to a profile determining that the

user can have only one password, the value OLDPWT is not

output in any parameter guides.

Examples

1. Change the password of user identity USER00.

IAS:USER00;

2. Change the password of user id USER01 used for remote connections to

access the older system levels.

IAS:USER01:OLDPWT;


First, the program asks you to enter the old password. Then, it asks for the new

password and its verification. The password cannot be identical to your own user

id.




If the password policy feature is on and the given the password is found in the

password policy history list or the minimum password validity time has not elapsed, the following execution error message is displayed.


Execution printouts


IAS:JJHILL;

is given below. The passwords are output on the terminal as the character defined

in the parameter file (the default value is *).


/ * I D E NT I FY N E W P A SS W OR D :








N E W P A S S W OR D : * * * * * ** *

V E R I F IC A T I O N: * * * * * ** *



IAS:JJHIL:OLDPWT;

is given below. The passwords are not repeated on the terminal.


/ * I D EN T IF Y N E W P A SS W OR D :

M I N IM U M P A SS W OR D L E NG T H I S 6



VERIFICATION:



/ ** * U SE R I D T OO S HO RT * ** /

The user id must contain six characters.





password.


The maximum length of a password for the new system levels is 16 characters,

and 15 characters for the older system levels. Check the length of the password.

/ * ** M M I R E C O R D E R R O R * * * /



39 (84)

IAS: CHANGE PASSWORD OF OTHER USER ID





The specified password contains forbidden characters. The password may contain

capital letters, numbers and most of the other graphic characters. The allowed



P L E AS E C H OO S E A N OT H ER S T RI N G * * */


password.


A typing error was made when the password was verified.

/ ** * U SE R I D N OT F OU ND * ** /

The specified user identity was not found in the system. Check the existing user

identities by using the IAI command.







8 IAF: CHANGE SERVICE TERMINAL

PASSWORD

Function

Use this command to change the fixed username password of the service

terminal.

Parameters

The command has no parameters.

Syntax

IAF;

Examples

1. Change the fixed username password of the service terminal.

IAF;


Note that there may be others who are using the same password in the service

terminal. In this case, inform other users of the password change.






elapsed, the following execution error message is displayed.

/ * ** P A SS W OR D H I ST O RY C H EC K IN G F A IL E D * * */



41 (84)

IAF: CHANGE SERVICE TERMINAL PASSWORD



Execution printouts

The execution printout of command example 1 is as follows:

The passwords are displayed as the character defined in the parameter file (the

default value is character *).

/ * I D E N T IF Y P A S S W O RD :



N E W P A S S W OR D : * * * * * ** *

V E R I F IC A T I O N: * * * * * ** *



/ * ** T O O S H OR T P A S SW O RD * * */


password.


The maximum length of a password is 16 characters. Check the length of the

password.


The update of the password in the disk has failed. Use the following command to

check whether the necessary file exists:

ZIWX:::BLCODE:DEBUTIGX,IMG;

If the file is not found, contact the system specialist. Otherwise, check the alarms.


The given password contains forbidden characters. The password may contain









9 IAQ: RESET LOGIN DELAYS

Function

Use this command to reset all time delays that are set for login.

Use this command when you want to normalise the time delay in user

authentication caused by failed login attempts.

Parameters


Syntax

IAQ;

Examples

1. Reset all time delays in force at login.

IAQ;


If an error occurs, the system outputs a general MML execution error message.



43 (84)

IAQ: RESET LOGIN DELAYS








10 IAX: MODIFY MML SESSION IDLE TIME

LIMIT

Function

Use this command to change the time supervision value of the MML session.

Parameters

MML session idle time limit;

Syntax

I A X: [ <M M L S e ss i on i d le t i me l i mi t >| 1 5 d e f] ;


MML Session idle time limit

The time supervision value can range from 1 to 60 minutes.

Changing the time supervision value has an immediate effect

on the user's own session. The sessions of other users with the

same profile are affected by the change only after the next

login.

Examples

1. Change the time supervision value of the MML session to 10 minutes.

IAX:10;

Execution printouts

The execution printout generated by the command in example 1 is as follows:


/ * T HI S P RO FI LE I S U SE D B Y:

SYS TEM VEH MAA * /



45 (84)

IAX: MODIFY MML SESSION IDLE TIME LIMIT








/ * ** M M I R E C O R D E R R O R * * * /








11 IAK: CHANGE ENCRYPTION METHOD

Function

Use this command to change or output the encryption key used.

Parameters

encryption key number;

Syntax

I A K : [ <e n c r y pt i o n k e y n u m b e r> | L I S T d e f ] ;


encryption key number

The generation index of the encryption key that you want to

define as the new key. The index can range from 1 to 100.

The value LIST outputs the encryption key index in use

instead of changing it. This is the default value.

Examples

1. Output the encryption key index in use.

IAK;

2. Change the value of the index to 47.

IAK:47;



47 (84)

IAK: CHANGE ENCRYPTION METHOD




When a remote session is being established, the encryption key is not valid in the

target system unless the encryption keys in the source and target system are

identical. When the encryption key is being changed, the system asks the user for

verification. It also gives a warning that changing the encryption key may cause

problems for the establishment of the remote session. Every time a remote session

is established in a target system where the password is not valid, the username

and the password must be entered in the terminal.

Execution printouts


IAK;

is as follows:


C UR RE NT LY U SE D K EY I S : 3 3



IAK:47;

is as follows:


/ * T H I S M O D I FI C AT I ON M A Y C A US E F A I LU R E I N U S ER

A U T H E NT I C A T I ON W H E N E S T A B LI S H I N G R E M O T E S E S S I ON

BEC AU SE OF D IFFER EN T ENC RYPTI ON KEYS */











/ * ** M M I R E C O R D E R R O R * * * /





49 (84)

IAK: CHANGE ENCRYPTION METHOD








12 IAM: CHANGE COMMAND DEFINITIONS

Function

Use this command to change the authorities of an MML command.

Parameters

command:

authority requirement,visibility in MML command log,Q3 notification,security

notification;

Syntax

I AM : < co mm an d> : ( A UT H = < a ut ho r it y> |

V IS IB = ( P U BL IB | P RI VA TE ) |

Q3N = [ YES | N O ) | S ECN = ( Y ES | NO ) ) ... ;


command A three-letter MML command whose authority data or

security reporting you want to change.


authority requirement

The parameter can have the following value:

AUTH Authority requirement

A new authority requirement given to the MML command.

The value for the requirement is between 1 and 250.

visibility in MML command log

This parameter defines whether a command can be output

from the MML command log by all users.

VISIB Visibility in the MML command log



51 (84)

IAM: CHANGE COMMAND DEFINITIONS



PUBLIC The command can be output by all users

allowed to output information on the

commands executed by other users

(medium or complete MML command log

accessibility).

PRIVATE The command can be output by users

having complete MML command log

accessibility.

Regardless of the parameter value, all users are allowed to

output information on the commands executed by them.

Q3 notification This parameter defines whether a notification on command

execution is sent to the Q3 interface control software. If the

value YES is given, the notification is sent. If the value is NO,no message is sent.

security notification

This parameter defines whether the data on the command

execution is collected in the security report. If the value YES

is given, the data is collected. With the value NO, it is not

collected.

Examples

1. Change the authority requirement of the USI MML command to 100 toset its execution to be collected in the report.

Define a notice on the command execution to be sent to the control

software of the Q3 interface.

IAM:USI:AUTH=100,SECN=YES,Q3N=YES;

2. Change the authority requirement of the USI MML command to 100 and

the MML command log visibility to PUBLIC.

IAM:USI:AUTH=100,VISIB=PUBLIC;


This command is used to change the authority requirement for all existing

commands, and also for those not included in the software concerned.

If the CAUCNVGX conversion program is not executed in conjunction with the

software build change, the authority requirements of all commands change back

to the default values of software building. The default values are: 250, 200, 150,

100, or 50.









/ * ** F I LE U P DA T IN G E R RO R * * * /

The update of the modifications in the disk file has failed. Use the commands of

the DE command group to update the authority file of MML commands.

/ * ** M M I R E C O R D E R R O R * * * /


/ * ** M M L C O M M AN D N O T F O U N D * * * /

The MML command given is not found in the system. To output the MML

commands of the system class by class, give the IAT command.

/ * ** S Y ST E M E R RO R * * */


In some error conditions, alarm 2427 (MMI SYSTEM FILE ERROR) is also set.

The alarm indicates the file error more specifically.




53 (84)

IAM: CHANGE COMMAND DEFINITIONS








13 IAI: INTERROGATE USER IDs,

TERMINALS AND PROFILES

Function

Use this command to interrogate and output the authority data on a user identity,

terminal, or profile.

Parameters

output object:

output type;

Syntax

I AI : ( U SE RI D = [ < us er id > | A LL d ef ] |

T ER MI NA L = [ < t er mi na l i d> | A LL d ef ] |

P RO FI LE = [ | A LL d ef ] ) |R EM OT E = [ < us er i d> | AL L d ef ] ) :

[ L IM | COM def ] ;


User id The parameter can have the following value:

USERID User identity

The user identity whose data you want to output. The length

of the user identity is six characters.

If you give the value ALL, all user identities and profile

names or profile contents used by them are output, depending

on the specifier given in the second parameter. The default

value is ALL.

Terminal id The parameter can have the following value:

TERMINAL Terminal identifier



55 (84)

IAI: INTERROGATE USER IDs, TERMINALS AND PROFILES



The terminal identifier whose data you want to output. The

maximum length of an identifier is six characters.

If you give the value ALL, all terminal identifiers and profile

names or profile contents used by them are output, depending

on the specifier given in the second parameter. During the

output, it is not checked whether all the terminal identifiers

exist in the system concerned.

The default value is ALL.

Profile The parameter can have the following value:

PROFILE Profile identifier

The profile whose data you want to output. The maximum

length of a profile is 10 characters.

If you give the value ALL, all profile names or their contents,

and profile user names and terminal identifiers are output,

depending on the specifier given in the second parameter.


Remote The parameter can have the following value:

REMOTE Remote used identity

The remote user identity whose data you want to output.

If you give the value ALL, all remote user identities are

output. The default value is ALL.

All remote users and their profiles can be found in the

EYELET file.

The EYELET file may not contain the password validity time

if the value cannot be reached from the LDAP server. If thevalue is not known, then validity time line is not printed.

Output type You can use this parameter to choose the output type by

giving one of the values below.






LIM Limited

This specifier outputs only the profile

name attached to a user identity or

terminal. The user identities and terminals

using the profile are displayed.

COM Complete

This specifier outputs the contents of a

profile attached to a user identity or a

terminal. When a profile is interrogated,

its contents and users are output. This is

the default value.

Examples

1. Output the users of the profile SUBSTITUTE.

IAI:PROFILE=SUBSTITUTE:LIM;

2. Output the user profiles of all user identities and the contents of the

profiles.

IAI:USERID=ALL:COM;

3. Output the remote user FARUSE and its profiles from the local cache file.

IAI:REMOTE=FARUSE:COM;

Execution printouts

The explanations of the fields in the execution printouts are as follows:

PROFILE NAME

Name of the profile you want to output

REMOTE USER ID

Remote used id from the local cache file

MMI SESSIONS OPEN

Number of the MMI sessions a remote user has opened

COMMAND CLASS AUTHORITIES

Authorities defined in the profile, given separately for each

class



57 (84)




PARALLEL PASSWORD EXISTENCE

Information on whether the users attached to the profile have

a parallel password to be used for remote sessions in order to

access the network elements of the older system level

PASSWORD VALIDITY TIME

Validity time of the password for the profile to be output,

given in days

MINIMUM PASSWORD VALIDITY TIME

The minimum validity time that has to pass from changing the

password before it can be changed again, given in days

(optional parameter)

MML COMMAND LOG ACCESSIBILITY

MML command log accessibility of the profile (or user) youwant to output

UNIQUE PROFILE

Information on whether the profile that was output is a one-

user profile or a normal profile

PASSWORD POLICY NAME

The password policy that is used with this profile (optional

parameter)

PROFILE IS USED BYList of the user identities in which the profile concerned has

been defined

USERID NAME

Name of the user identity you want to output

PASSWORD VALIDITY TIME LEFT

Remaining validity time of the password for the user identity

to be output, given in days

NETWORK USE ALLOWEDInformation on whether the user id is a network or a normal

user identifier

MML SESSION IDLE TIME LIMIT

Time supervision value of the MML session







IAI:PROFILE=JANITOR:COM;

is as follows:

P R O F I LE N A M E : J A N I T O R

C O M M A ND C L A S S A U T H O RI T I E S :

A =1 20 B= 10 0 C =1 00 D= 10 0 E= 10 F =1 0 G =1 00 H= 10 0 I =2 00 J= 10 0

K =1 00 L =1 00 M =1 50 N =1 0 0 O= 1 50 P =1 00 Q =1 50 R =1 00 S =2 00 T =1 00

U =1 00 V = 10 0 W =8 0 X =1 0 0 Y= 8 0

P A R A L LE L P A S S W OR D E X I S T EN C E : Y E S

P A SS W OR D V A LI D IT Y T I ME : 3 0 D A Y (S )


M M L C O M M A ND L O G A C C E SS I B I L IT Y : L I M I T ED

U N IQ U E P R OF I LE : N O

N E TW O RK U S E A L LO W ED : N O

M M L S E S S I ON I D LE T I ME L I M IT : 1 5 M I N (S )

P A S S W OR D P O L I C Y N A M E : P P O L I C Y

P R OF I LE I S U S ED B Y : B A TM A N, T A RZ A N, S U PM A N



IAI:USERID=ASMITH:COM;

is as follows:

U SE R ID : A SM IT H

P R O F I LE N A M E : H I G H R IG H T S


A =2 50 B = 2 50 C = 2 50 D = 2 50 E = 2 50 F =2 50 G = 2 50 H = 2 50 I = 2 50 J = 2 50

K =2 50 L = 2 50 M = 2 50 N = 2 50 O = 2 50 P =2 50 Q = 2 50 R = 2 50 S = 2 50 T = 2 50

U = 25 0 V = 25 0 W = 2 50 X = 25 0 Y = 25 0

P A R A L LE L P A S S W OR D E X I S T EN C E : N O

P A SS W OR D V A LI D IT Y T I ME L E FT : 2 1 D A Y (S )




59 (84)




M M L C O MM A ND L O G A C CE S SI B I LI T Y: L I MI T E D

U N IQ U E P R OF I LE : N O

M M L S E S S I ON I D LE T I M E L I M I T: 1 5 M I N (S )

P A SS W OR D P O LI C Y N A ME : P P O LI C Y

N E TW O RK U S E A L LO W E D: Y E S



IAI:PROFILE=ALL:LIM;

is as follows:


PROFILE: USER BY:

============================

JANITOR BATMAN, TARZA N, SU PM AN

MANAGER GEORGE

SMANAGER

HEADMASTER HOMERS



IAI:REMOTE=FARUSE:COM;

is as follows:

R E MO T E U S E R A N D I T S P R O F I LE F R OM L O CA L C A CH E F I LE :

R E MO T E U S ER I D : F A RU S E

M M I S E S S I ON S O P EN : 2


A =2 50 B = 2 50 C = 2 50 D = 2 50 E = 2 50 F =2 50 G = 2 50 H = 2 50 I = 2 50 J = 2 50

K =2 50 L = 2 50 M = 2 50 N = 2 50 O = 2 50 P =2 50 Q = 2 50 R = 2 50 S = 2 50 T = 2 50

U = 25 0 V = 25 0 W = 25 0 X = 25 0 Y = 2 50

P A SS W OR D V A LI D IT Y T I ME L E FT : 2 1 D A Y (S )

M M L S E S S I ON I D LE T I M E L I M I T: 1 5 M I N (S )

M M L C O MM A ND L O G A C CE S SI B I LI T Y: L I MI T E D








IAI:REMOTE=FARUSE:LIM;

is as follows:

.. .

USER ID: SESSIONS OPEN:

=================================

FARUSE 2






The given profile cannot be found in the system.

/ * ** T E RM I NA L D O ES N O T E X I S T * * */

The given terminal identifier cannot be found in the system.

/ ** * U SE R I D N OT F OU ND * ** /

The given user identity cannot be found in the system.




61 (84)









14 IAT: INTERROGATE COMMAND

DEFINITIONS

Function

Use this command to output all the commands, along with their authority data,

which belong to the command group you want to interrogate.

You can also use this command to output information on Q3 reporting, MML

command log visibility, and security reporting.

Parameters

command group;

Syntax

I A T : [ <c o m m a nd g r o u p >| A L L d e f ] ;


command group The identifier of the command group you want to output (two

characters).

If you enter ALL instead of the command group, the

information on all commands is output. ALL is the default

value of the parameter.

Examples

1. Output all the commands that belong to the CE command group along

with their authority and reporting data.

IAT:CE;



63 (84)

IAT: INTERROGATE COMMAND DEFINITIONS




The system does not check whether the commands that are output in MML

programs exist. Thus, the printouts can contain commands that are not available

in the application concerned.

If the CAUCNVGX conversion program is not run together with the software

build change, the authority requirements for all commands are changed to the

default values of software building. The default values are: 250, 200, 150, 100, or

50.

Execution printouts


IAT:CE;

is as follows:

C O M M A ND A U T H O RI T I E S :

COMMAND AU TH OR ITY VISIBILITY Q3 S EC UR ITY

REQUIREMENT NOTIFY NOTIFY

CEC 150 PUB LI C NO NO

CEL 50 PUB LI C NO NO





/ * ** C O MM A ND C L A SS N O T F O UN D * * */

The given command class cannot be found.

/ * ** S Y ST E M E R RO R * * */








15 IAL: INTERROGATE ALLOWED

COMMANDS

Function

Use this command to output the commands that are available for the user identity

utilised in the MML session and for the authorities of the MML terminal used.

Parameters


Syntax

IAL;

Examples

1. Output the commands that are available for the user identity used in theMML session in the given terminal.

IAL;


The command does not check whether the commands output in the MML

programs exist. Therefore, the output may include commands that are not

available in the given application.

Execution printouts

An execution printout generated by the command

IAL;

in an OMU is as follows:

C O MM A ND S A L LO W ED I N T H I S D I AL O GU E S E S SI O N



65 (84)

IAL: INTERROGATE ALLOWED COMMANDS



CEC C EL CEP CET

CRC C RI CRL CRM

DCA D CC DCD DCS

TMC T MD TME TMI TMM TMS





/ * ** S Y ST E M E R RO R * * */


/ ** * U SE R I D N OT F OU ND * ** /

The user identity cannot be found in the system. Check the alarms.







16 IAB: BLOCK/UNBLOCK COMMAND

Function

Use this command to block or unblock MML commands. Blocking can be

complete or it may only concern execution from the command calendar.

Parameters

command:

blocking type;

Syntax

I AB : < co mm an d> :

( E XEC = ( YE S | N O ) | COMCAL = ( Y ES | NO ) ) ;


command The MML command you want to block. The length of the

parameter is three characters.


command execution (un)blocking


EXEC Blocking or unblocking of command

execution

This parameter defines the blocking or unblocking of

command execution. With the value YES, the command is

blocked and with the value NO, it is unblocked. A command

blocked in this way cannot be run from the command

calendar.

command calendar execution (un)blocking




67 (84)

IAB: BLOCK/UNBLOCK COMMAND



COMCAL Blocking or unblocking of the command's

command calendar execution

This parameter defines the blocking or unblocking of the

command's command calendar execution. With the value

YES, the command is blocked and with the value NO, it is

unblocked.

Examples

1. Unblock the IAD command from the command calendar blocking.

IAB:IAD:COMCAL=NO;

2. Block the command calendar execution of the IAD command.

IAB:IAD:EXEC=YES;


When you use the EXEC parameter to block command execution, blocking also

concerns execution from the command calendar. When a command is unblocked,

the command calendar execution is also unblocked. If command execution is

separately blocked from the command calendar by using the COMCAL

parameter, this blocking cannot be released by using the EXEC parameter.

Execution printouts


E X EC U TI O N O F C O M MA N D I A D B L OC K ED


The execution printout of the command

IAB:IAL:COMCAL=NO;

is as follows:

C O MM A ND C A LE N DA R E X EC U TI O N O F C O MM A ND I A L U N BL O CK E D


With this command the execution of the IAL command from the command

calendar was allowed.









/ * ** B L OC K IN G O F B L OC K IN G C O MM A ND I S N O T A L L O WE D * * */

The IAB command cannot be blocked.

/ * ** C O MM A ND N O T F O U N D * * */

The given command cannot be found in the MMI system. You can use the IATcommand to output the commands of the MMI system.

/ * ** F I LE U P DA T IN G E R RO R * * * /

The update of the modification in the disk file has failed. Use the commands of

the DE command group to update the authority file of the MML commands.

/ * ** M M I R E C O R D E R R O R * * * /


/ * ** S Y ST E M E R RO R * * */





69 (84)

IAB: BLOCK/UNBLOCK COMMAND








17 IAO: INTERROGATE BLOCKED

COMMANDS

Function

Use this command to output blocked commands.

Parameters

command group;

Syntax

I A O : [ <c o m m a nd g r o u p >| A L L d e f ] ;


command group The command group whose blocked commands you want to

output. If you give ALL as the parameter value instead of a command group, all blocked commands are listed.


Examples

1. Output the blocked commands in the AB command group.

IAO:AB;

2. Output all blocked commands.

IAO:ALL;


The system does not check whether the commands that are output in the MML

programs exist. Therefore, the output may list commands that are not available in

the application concerned.



71 (84)

IAO: INTERROGATE BLOCKED COMMANDS



Execution printouts


IAO:US;

is as follows:

B L O C K ED C O M M A ND E X E C UT I O N :

COMMAND EXEC COM CA L

================================

USI BLOCKED -

USS - BLOCKED

USW - BLOCKED





/ * ** C O MM A ND G R O UP N O T F O UN D * * */

The command group cannot be found in the system. You can use the IAT

command to output the command groups of the system.

/ * ** S Y ST E M E R RO R * * */

There is a file error. Check the alarms.







18 IAJ: CONFIGURE DIRECTORY CLIENT

Function

Use this command to activate or deactivate the directory service. If needed, define

also the basic configuration data of the directory server where the actual

configuration data is received from. The primary and secondary server can be

configured separately. The DN path to the configuration data and the DN pathwhere the user is authenticated when the LDAP configuration is fetched are

given.

Parameters

directory client state:

directory type:

IPv4 address,IPv6 address,port:

base entry :

DN path to configuration data;

Syntax

I A J: S T AT E = (O N | O F F) : T YP E = (P R I d e f | S E C) : ( IP V 4= < di r e ct o ry I P v4 a d dr e ss > |

I P V 6 = <d i r e c to r y I P v 6 a d d r e s s > ) , PO R T = : : < D N p a t h t o

c o n f i gu r a t i on d a t a > ;


directory client state

This parameter defines whether the directory service is

activated or not.

The parameter is obligatory and it may have the values ON or

OFF. If you give the value OFF, it is not possible to give other

parameters.

directory type This parameter defines the type of the directory.



73 (84)

IAJ: CONFIGURE DIRECTORY CLIENT



The parameter can have the following values:

PRI Primary

SEC Secondary

If this parameter is not given when the state is set to ON, the

data in the JOINUS file is used. If JOINUS has no data, an

error message is printed.

IPv4 address The IP address of the directory server is specified in decimal

notation in quotation marks (#.#.#.#.). The range of values

for each part of the address is from zero to 255.

IPv6 address The IP address of the directory server is specified in

hexadecimal notation in quotation marks (#:#:#:#:#:#:#:#).

The range of values for each part of the address is from zero

to FFFF.

port This parameter defines the port number for the directory

server. The default port for the LDAP is 389.

base entry The base entry is used for directory operations. The DN used

for fetching the definitive configuration data is formatted by

using this value and the username of the network element.

DN path to configuration data The DN path where the user is authenticated when the LDAP

configuration is fetched.

Examples

1. Activate the directory client.

The IP address of the LDAP server containing the LDAP data is

127.11.123.1 and the used port is 389. The base entry is dc=nokia,

dc=com". The DN path to the configuration data is cn=primary,

ou=ldapconfdata,ou=root,dc=nokia,dc=com.

IAJ:STATE=ON:TYPE=PRI:IPV4="127.11.123.1",PORT=389:"dc=nokia,dc=com":"CN=PRIMARY,OU=LDAPCONFDATA,OU=ROOT,DC=NOKIA,DC=COM";

2. Inactivate the directory client.






IAJ:STATE=OFF; ... THIS COMMAND DISABLES CENTRALIZED

USER AUTHENTICATION DO YOU WANT TO CONTINUE? (Y/N) YCOMMAND EXECUTED


/ * ** I P A D DR E SS I S I L LE G AL * * */

You gave the IP address in the wrong format.

Check whether the IPv4 address has four parts separated by dots and whether it is

in quotation marks (#.#.#.#.#). Make sure that none of the parts in the address

exceed the upper limit of 255.

Check whether the IPv6 address has eight parts separated by colons and whether

it is in quotation marks (#:#:#:#:#:#:#:#). Make sure that none of the parts in theaddress exceed the upper limit of FFFF.






75 (84)

IAJ: CONFIGURE DIRECTORY CLIENT








19 IAU: REFRESH DIRECTORY CLIENT

CONFIGURATION DATA

Function

Use this command to refresh the directory client configuration data.

Parameters


Syntax

IAU:;

Examples

1. Refresh the configuration data.

IAU:;


If an error occurs, the system may output a general MML semantic error message.





77 (84)

IAU: REFRESH DIRECTORY CLIENT CONFIGURATION DATA








20 IAV: INTERROGATE DIRECTORY CLIENT

CONFIGURATION DATA

Function

Use this command to interrogate the directory client configuration data.

Parameters

directory type:

configuration data type;

Syntax

I A V: T YP E = (S E RV E R- 0 | S E RV E R- 1 | S T A TU S | A L L d e f ) : (C O M | L I M d e f ) ;


configuration data type

Use this parameter to specify what kind of directory

configuration data you want to display.

The parameter may have the values SERVER, STATUS or

ALL. When you give the value ALL, all configuration data is

displayed. With the value STATUS, the data of the

configuration server is displayed. With the value SERVER,

the data of the directory server used for the ongoing directory

operations is displayed.


Examples

1. Display all the configuration data.

IAV:TYPE=ALL:COM;



79 (84)

IAV: INTERROGATE DIRECTORY CLIENT CONFIGURATION DATA



Execution printouts

The following abbreviations are used in the execution printout:

IP ADDRESS IP address of the directory server

PORT Port of the directory server

BASE ENTRY Base entry used for the directory operations


P R I M A RY L D A P D I R E C TO R Y

=======================

I P A D D R E SS : 1 3 9 . 1 6 5. 1 0 . 1

PORT N BR: 389

D N P A T HS

B A S E E N T R Y :

dc=nokia,dc=com

CONFIGURATION:

c n = p r im a r y , o u = L d a pC o n f i gu r a t i on D a t a , d c = n o ki a , d c = co m

N E T Y P E:

o u = I P A2 8 0 0 , o u = A u t ho r i z a ti o n , d c = n o ki a , d c = co m

A C C E S S L I S T :

o u = N e Ac c e s s Se t , o u = A ut h o r i za t i o n , d c = n o k ia , d c = c om

PRINCIPALS:

o u = P r in c i p a lS e t , o u = A u t ho r i z a t io n , d c = n o ki a , d c = co m

S E C O N DA R Y L D A P D I R E C TO R Y

=========================

I P A D D R E SS : 1 3 9 . 1 6 5. 1 0 . 2

PORT N BR: 389

D N P A T HS

B A S E E N T R Y :

dc=nokia,dc=com

CONFIGURATION:c n = p r im a r y , o u = L d a pC o n f i gu r a t i on D a t a , d c = n o ki a , d c = co m

N E T Y P E:

o u = I P A2 8 0 0 , o u = A u t ho r i z a ti o n , d c = n o ki a , d c = co m

A C C E S S L I S T :

o u = N e Ac c e s s Se t , o u = A ut h o r i za t i o n , d c = n o k ia , d c = c om

PRINCIPALS:

o u = P r in c i p a lS e t , o u = A u t ho r i z a t io n , d c = n o ki a , d c = co m






F E A T U RE A C T I V AT I O N S T A T U S

==========================

D I R E C TO R Y C L I E N T A C T I V A T I O N S T A T U S : A C T I V E

C E N T R AL I Z E D U S E R A U T H E NT I C A T IO N A N D A U T H O R IZ A T I O N S T A T U S : A C T I VE


ZIAV:TYPE=ALL:LIM;

P R I M A RY L D A P D I R E C TO R Y

=======================

I P A D D R E SS : 1 3 9 . 1 65 . 1 0 . 1

PORT NBR: 3 89

S E C O N DA R Y L D A P D I R E C TO R Y=========================

I P A D D R E SS : 1 3 9 . 1 65 . 1 0 . 2

PORT NBR: 3 89

F E A T U RE A C T I V AT I O N S T A T U S

==========================

D I R E C TO R Y C L I E N T A C T I V A T I O N S T A T U S : A C T I V E

C E N T R AL I Z E D U S E R A U T H E NT I C A T IO N A N D A U T H O R IZ A T I O N S T A T U S : A C T I VE








81 (84)

IAV: INTERROGATE DIRECTORY CLIENT CONFIGURATION DATA








21 IAN: CONFIGURE CENTRALISED USER

AUTHENTICATION AND

AUTHORIZATION

Function

Use this command to configure centralised user authentication.

Parameters

centralised authentication;

Syntax

IAN : ( ON | O FF ) ;


centralised authentication

The centralised user authentication is either enabled or

disabled.

The status of the operation is promted.

Examples

1. Centralised user authentication is enabled.

IAN:ON;

2. Centralised user authentication is disabled.

IAN:OFF;





83 (84)

IAN: CONFIGURE CENTRALISED USER AUTHENTICATION AND AUTHORIZATION

Documents

Zia - Mmi System Authority Handling