Upload
antony-petrov
View
221
Download
0
Embed Size (px)
Citation preview
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 1/84
IA - MMI System Authority
Handling
dn9815537Issue 21-0 en
# Nokia CorporationNokia Proprietary and Confidential
1 (84)
2003353
Nokia BSC/TCSM S11.5 ProductDocumentation
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 2/84
The information in this documentation is subject to change without notice and describes only theproduct defined in the introduction of this documentation. This documentation is intended for theuse of Nokia's customers only for the purposes of the agreement under which the documentationis submitted, and no part of it may be reproduced or transmitted in any form or means without theprior written permission of Nokia. The documentation has been prepared to be used byprofessional and properly trained personnel, and the customer assumes full responsibility whenusing it. Nokia welcomes customer comments as part of the process of continuous developmentand improvement of the documentation.
The information or statements given in this documentation concerning the suitability, capacity, or performance of the mentioned hardware or software products cannot be considered binding butshall be defined in the agreement made between Nokia and the customer. However, Nokia hasmade all reasonable efforts to ensure that the instructions contained in the documentation areadequate and free of material errors and omissions. Nokia will, if necessary, explain issueswhich may not be covered by the documentation.
Nokia's liability for any errors in the documentation is limited to the documentary correction of errors. NOKIA WILL NOT BE RESPONSIBLE IN ANY EVENT FOR ERRORS IN THISDOCUMENTATION OR FOR ANY DAMAGES, INCIDENTAL OR CONSEQUENTIAL(INCLUDING MONETARY LOSSES), that might arise from the use of this documentation or the
information in it.
This documentation and the product it describes are considered protected by copyrightaccording to the applicable laws.
NOKIA logo is a registered trademark of Nokia Corporation.
Other product names mentioned in this documentation may be trademarks of their respectivecompanies, and they are mentioned for identification purposes only.
Copyright © Nokia Corporation 2005. All rights reserved.
2 (84) # Nokia CorporationNokia Proprietary and Confidential
dn9815537Issue 21-0 en
IA - MMI System Authority Handling
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 3/84
Contents
Contents 3
List of tables 5
List of figures 6
Summary of changes 7
IA: MMI SYSTEM AUTHORITY HANDLING 9
1 IAA: CREATE OR MODIFY PROFILE 11
2 IAR: DELETE PROFILE 19
3 IAH: CREATE USER ID 23
4 IAD: DELETE USER ID 27
5 IAE: ATTACH PROFILE TO USER ID OR TERMINAL 29
6 IAG: CHANGE OWN PASSWORD 33
7 IAS: CHANGE PASSWORD OF OTHER USER ID 37
8 IAF: CHANGE SERVICE TERMINAL PASSWORD 41
9 IAQ: RESET LOGIN DELAYS 43
10 IAX: MODIFY MML SESSION IDLE TIME LIMIT 45
11 IAK: CHANGE ENCRYPTION METHOD 47
12 IAM: CHANGE COMMAND DEFINITIONS 51
13 IAI: INTERROGATE USER IDs, TERMINALS AND PROFILES 55
14 IAT: INTERROGATE COMMAND DEFINITIONS 63
15 IAL: INTERROGATE ALLOWED COMMANDS 65
16 IAB: BLOCK/UNBLOCK COMMAND 67
17 IAO: INTERROGATE BLOCKED COMMANDS 71
18 IAJ: CONFIGURE DIRECTORY CLIENT 73
19 IAU: REFRESH DIRECTORY CLIENT CONFIGURATION DATA 77
dn9815537Issue 21-0 en
# Nokia CorporationNokia Proprietary and Confidential
3 (84)
Contents
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 4/84
20 IAV: INTERROGATE DIRECTORY CLIENT CONFIGURATION DATA 79
21 IAN: CONFIGURE CENTRALISED USER AUTHENTICATION ANDAUTHORIZATION 83
4 (84) # Nokia CorporationNokia Proprietary and Confidential
dn9815537Issue 21-0 en
IA - MMI System Authority Handling
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 5/84
List of tables
dn9815537Issue 21-0 en
# Nokia CorporationNokia Proprietary and Confidential
5 (84)
List of tables
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 6/84
List of figures
6 (84) # Nokia CorporationNokia Proprietary and Confidential
dn9815537Issue 21-0 en
IA - MMI System Authority Handling
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 7/84
Summary of changes
Summary of changes
Changes between document issues are cumulative. Therefore, the latest document
issue contains all changes made to previous issues.
Changes made between issues 21 20
IAA CREATE OR MODIFY PROFILE
New parameters MINVTIME and PPOLICY have been added to the command.
IAI INTERROGATE USER IDs, TERMINALS AND PROFILES
The fields MINIMUM PASSWORD VALIDITY TIME and PASSWORD
POLICY NAME have been added to the execution printout.
Changes made between issues 20 1 and 20
IAS CHANGE PASSWORD OF OTHER USER ID
This command is no longer optional.
Changes made between issues 20 19
The text in the document has been edited according to the latest standards of
documentation.
IAF CHANGE SERVICE TERMINAL PASSWORD
New command.
IAQ RESET LOGIN DELAYS
New command.
dn9815537Issue 21-0 en
# Nokia CorporationNokia Proprietary and Confidential
7 (84)
Summary of changes
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 8/84
8 (84) # Nokia CorporationNokia Proprietary and Confidential
dn9815537Issue 21-0 en
IA - MMI System Authority Handling
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 9/84
IA: MMI SYSTEM AUTHORITY HANDLING
Use the commands of this command group to output, modify, and remove MMIsystem authorities, user identities, and profiles. The commands can also be used
to change passwords, the encryption method, and the idle time limits related to
the MML session.
This command group is connected to, for example, the IO (Network User
Authority Data Handling) command group. If you are deleting a user identity by
using the IAD command and the deletion of a network user fails, you can use the
commands of the IO command group to delete the user.
Menu of the command group
M M I S Y S T E M A U T H O R I T Y H A N D L I N G C O M M A N D S
? . .. .. D I SP LA Y M EN U
A : . . .. . C R EA T E O R M O DI F Y P R O F I LE
R : . . .. . D E LE T E P R OF I LE
H : . .. .. C RE AT E U SE R I D
D : . .. .. D EL ET E U SE R I D
E : . .. .. A TT AC H P RO FI LE T O U SE R I D O R T ER MI NA L
G ; . . .. . C H AN G E O W N P A S S W OR D
S : . .. .. C HA NG E P AS SW OR D O F O TH ER U SE R I D
F ; . . .. . C H AN G E S E RV I CE T E RM I NA L P A SS W OR D
Q ; . . .. . R E SE T L O GI N D E LA Y S
X : . . .. . M O DI F Y M M L S E S SI O N I D L E T I ME L I MI T
K : . . .. . C H AN G E E N CR Y PT I ON M E TH O D
M : . . .. . C H AN G E C O MM A ND D E FI N IT I O NSI : . . .. . I N TE R RO G AT E U S ER I D S, T E RM I N AL S A N D P R OF I LE S
T : . . . . . I N T E R R O G A TE C O M M A ND D E F I N I TI O N S
L ; . . .. . I N TE R RO G AT E A L LO W ED C O MM A N DS
B : . . . . . B L O C K / U N B LO C K C O M M A ND
O : . . .. . I N TE R RO G AT E B L OC K ED C O MM A N DS
N : . . . . . C O N F I G U R E C E N T R A L I Z ED U S E R A U T H E N T I C A T IO N A N D A U T H O RI Z A T I ON
Z ; . .. .. R ET UR N T O M AI N L EV E L
IA: MMI SYSTEM AUTHORITY HANDLING
The commands in this command group are:
IAA CREATE OR MODIFY PROFILE
IAR DELETE PROFILE
IAH CREATE USER ID
IAD DELETE USER ID
dn9815537Issue 21-0 en
# Nokia CorporationNokia Proprietary and Confidential
9 (84)
IA: MMI SYSTEM AUTHORITY HANDLING
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 10/84
IAE ATTACH PROFILE TO USER ID OR TERMINAL
IAG CHANGE OWN PASSWORD
IAS CHANGE PASSWORD OF OTHER USER ID
IAF CHANGE SERVICE TERMINAL PASSWORD
IAQ RESET LOGIN DELAYS
IAX MODIFY MML SESSION IDLE TIME LIMIT
IAK CHANGE ENCRYPTION METHOD
IAM CHANGE COMMAND DEFINITIONS
IAI INTERROGATE USER IDS, TERMINALS AND
PROFILES
IAT INTERROGATE COMMAND DEFINITIONS
IAL INTERROGATE ALLOWED COMMANDS
IAB BLOCK/UNBLOCK COMMAND
IAO INTERROGATE BLOCKED COMMANDS
IAJ CONFIGURE DIRECTORY CLIENT
IAU REFRESH DIRECTORY CLIENT CONFIGURATION
DATA
IAV INTERROGATE DIRECTORY CLIENT
CONFIGURATION DATA
IAN CONFIGURE CENTRALIZED USER AUTHENTICATION
AND AUTHORIZATION
10 (84) # Nokia CorporationNokia Proprietary and Confidential
dn9815537Issue 21-0 en
IA - MMI System Authority Handling
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 11/84
1 IAA: CREATE OR MODIFY PROFILE
Function
Use this command to create a new profile or modify an existing profile. Be very
careful when modifying your own ID or terminal.
Parameters
profile:
base profile ,command class, authority :
parallel password, password validity time, minimum password validity time, mml
command log accessibility , unique, password policy name:
MML Session idle time limit;
Syntax
I AA : < pr of il e> : [ B A S EP = < ba se p ro fi le > |
[ [ < co mm an d c la ss > = A LL d ef ] = [ < au th or it y> | 1 d ef ] ] . .. ] . .. :
[ P ARAPW = [ Y ES d ef | NO ] ,
V TI ME = [ < p a ss w or d v al id it y t im e > | F OR EV ER | 1 00 d ef ] ,
V MI NT IM E = [ < m i ni mu m p as sw o rd v a li di t y t i m e> | 0 d ef ] ,
A CC ES S = [C OM | M ED | L IM d ef ] ,
UNIQUE = [ Y ES | N O d ef ] ] ... ,
P WP OL IC Y = [ < p a ss wo rd p ol ic y n am e> ] :
[T L I M I T = < M M L _ s es s i o n _i d l e _ ti m e _ l im i t > | 15 d e f ] ;
Parameter explanations
Profile This parameter defines the name of the profile you want to
create or edit.
The maximum length of the profile name is 10 characters.
The first character is always a letter and the remaining
characters are either letters or numbers. The parameter value
ALL is not allowed.
This parameter is obligatory.
dn9815537Issue 21-0 en
# Nokia CorporationNokia Proprietary and Confidential
11 (84)
IAA: CREATE OR MODIFY PROFILE
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 12/84
Base profile A profile whose contents you want to create form the basis of
the new profile.
The contents of the base profile are copied and form the basis
of a new profile. If required, other new values are specified in
the parameters and added to the base. The name of the base
profile must be identical to an existing profile attached to the
system.
Command class The letter (A to Y) for the command class of the profile whose
authority value you want to change.
By entering the parameter value ALL, the authority values for
all command classes can be changed simultaneously. If ALL
is entered, individual command classes cannot be entered in
the same command.
Authority This parameter defines the command class -specific authority
value for the profile.
The authority value can range from 1 to 251, where the value
251 is a special authority. The default value is 1. If the special
authority value 251 has been defined for the command class
of the user profile, the user identity which uses the profile is
allowed to execute the commands of this command class from
all terminals, regardless of the authority requirements of the
terminal itself.
If the special authority value 251 has been defined for the
command class of the terminal profile, all user identities are
allowed to execute commands in this command class from the
terminal using the profile, regardless of the authority
requirements of the user identity's own profile.
Parallel password
Use this parameter to define whether the users attached to the
profile have separate passwords for remote connections, used
to access the network elements of the older system level.
PARAPW Parallel password
Specify one of the following values for the parameter:
YES Parallel passwords are used.
NO Parallel passwords are not used.
12 (84) # Nokia CorporationNokia Proprietary and Confidential
dn9815537Issue 21-0 en
IA - MMI System Authority Handling
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 13/84
To guarantee information security, it is advisable to specify
the value YES for the parameter.
The default value is YES. If you do not specify this parameter
when creating a new profile, the program gives the parameter
the value YES as a default value. When modifying an old
profile, the parameter value remains the default value.
Password validity time
This parameter defines the latest time for changing the
password. The password validity time is between 0 and 250
days, or 'FOREVER'. The value 0 means that the password
must be changed after each login. If the password is given the
value 'FOREVER', the password is valid indefinitely.
The default value is 100. If a new profile is not given whilethe parameter is being created, the parameter validity time is
100 by default. When an old profile is changed, the value of
the parameter remains unchanged.
If you wish to shorten the password validity time of an
existing profile, the program checks if any of the password
validity times for the user identities attached to the profile are
longer than the new profile-specific password validity time. If
longer password validity times are found, the profile-specific
password validity time is also defined for the password
validity times for the user identities.
minimum password validity time
With the parameter MINVTIME, the operator can define the
minimum password validity time, that is, the time that has to
pass from changing the password before it can be changed
again. The possible values are 0-250 days. The value 0 means
that the user can change the password right after the previous
change. The value cannot be higher than the value of the
parameter VTIME. This is an optional parameter.
MML command log accessibilityUse this parameter to define what information the profile user
is allowed to output from the command log.
ACCESS MML command log accessibility
Specify one of the following values for the parameter:
dn9815537Issue 21-0 en
# Nokia CorporationNokia Proprietary and Confidential
13 (84)
IAA: CREATE OR MODIFY PROFILE
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 14/84
COM Complete accessibility
Profile users are allowed to output the
complete contents of the command log.
MED Medium accessibility
Profile users are allowed to output the
information from the MML command log
on all commands executed by them and
on the public commands executed by
other users (visibility = public).
LIM Limited accessibility
Profile users are allowed to output the
information from the MML command log
on all commands executed by them. This
is the default value.
If you do not enter this parameter while creating a new
profile, the MML command log accessibility is LIM by
default. When you are modifying an old profile, the MML
command log accessibility remains unchanged by default.
Unique This parameter defines whether a profile is a one-user profile
or a normal profile.
UNIQUE Unique
Specify one of the following values for the parameter:
YES Only one user identity or terminal can be
attached to the profile.
NO The number of profile users is unlimited.
This is the default value.
The parameter does not affect the modification of an existing
profile. An existing one-user profile cannot be changed to a
normal profile. Nor can a normal profile be changed to a one-
user profile after it has been created. If the parameter is not
entered, the default value is NO.
14 (84) # Nokia CorporationNokia Proprietary and Confidential
dn9815537Issue 21-0 en
IA - MMI System Authority Handling
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 15/84
password policy With the parameter PWPOLICY, the operator can define the
password policy that is used with this profile. The possible
values are the names of existig password policies. If the value
is not given, no password policy is used with this profile. This
parameter has a dynamic guidance output. Only the name of
an existing password policy is allowed. If there is no
password policy configured in the network element, guidance
text No password policies available is displayed in the
guidance output. This is an optional parameter.
MML-session idle time limit
TLIMIT Use this parameter to change the time
supervision value of the MML session.
The time supervision value can range
from 1 to 60 minutes. Time supervisionhas an immediate effect on the user's own
session, and after re-login it also affects
the sessions of other users belonging to
the same profile.
Examples
1. Create a new profile called CHIPNDALE with default values.
IAA:CHIPNDALE;
2. Create a new profile called MANAGER. The contents of the profile are thesame as the contents of the existing profile GOOFY. The command classes
A and I, and the password validity time are exceptions. Their authority
values are changed as follows: A=150, I=50, and VTIME=30.
IAA:MANAGER:BASEP=GOOFY,A=150,I=50:VTIME=30;
3. Create a new one-user profile called SUPERVISOR. This new profile is
based on the existing profile GOOFY. The new profile has complete MML
command log accessibility.
IAA:SUPERVISOR:BASEP=GOOFY:UNIQUE=YES,ACCESS=COM;
4. To create a new profile called PPOLICY, give the command below. First check if the password policy called POLICY exists by using the IVI MML
command or create it by using the IVK MML command. This new profile
is based on the existing profile GOOFY. The password validity time,
minimum password validity time, and password policy are exeptions. Their
authority values are changed as follows: VTIME=100, MINVTIME=50,
and PWPOLICY=POLICY.
IAA:PPOLICY:GOOFY:VTIME=100,MINVTIME=50,
dn9815537Issue 21-0 en
# Nokia CorporationNokia Proprietary and Confidential
15 (84)
IAA: CREATE OR MODIFY PROFILE
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 16/84
PWPOLICY=POLICY;
Additional information
In example 2, the profile identity GOOFY is an already existing profile. However,the profile identity MANAGER is new, so a profile with this name cannot exist in
the system. The command creates a new user identity, MANAGER, whose
contents are identical to the profile GOOFY, with the exception of the password
validity time, the authority values for command classes A and I, and the MML
command log accessibility. The command does not affect the contents of the
profile GOOFY in any way.
In the first example, the profile CHIPNDALE is given the following default
values:
P R O F I LE N A M E : C H I P N D A L EC O M M A ND C L A S S A U T H O RI T I E S :
A=1 B= 1 C=1 D=1 E= 1 F=1 G=1 H=1 I=1 J=1
K=1 L= 1 M=1 N=1 O= 1 P=1 Q=1 R=1 S=1 T=1
U=1 V= 1 W=1 X=1 Y= 1
P A R A L LE L P A S S W O RD E X I S T E NC E : Y E S
P A SS W OR D V A L ID I TY T I ME : 1 0 0 D A Y (S )
M I NI M UM P A SS W OR D V A LI D IT Y T I ME : 5 0 D A Y (S )
M M L C O MM A N D L O G A C C ES S IB I L IT Y : L I MI T ED
U N IQ U E P R O FI L E: N O
M M L S E S S I ON I D LE T I ME L I MI T : 1 5 M I N (S )
P A SS W OR D P O L IC Y N A M E: P P OL I CY
P RO FI LE I S U SE D B Y:
C O M M A ND E X E C U TE D
When an existing profile is being modified, the MML program asks for
verification before it saves the changes.
Every user id used by the Nokia network management system, Nokia NetAct,
must be created with its own unique profile. This ensures that the user identities
required by Nokia NetAct can be managed from the network management system
without problems.
Execution printouts
Normally, when a new profile is created, no execution printout is output.
16 (84) # Nokia CorporationNokia Proprietary and Confidential
dn9815537Issue 21-0 en
IA - MMI System Authority Handling
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 17/84
When an existing profile is being modified, the MML program asks for
verification before command execution.
If you give the command
IAA:CHIPNDALE:A=200,U=150;
and the profile already exists, the printout generated by the command is as
follows:
E X E C U TI O N S T A R T ED
Y O U A R E M O DI F YI N G E X IS T IN G P R O FI L E: C H IP N D AL E
C O NF I RM C O MM A ND E X EC U TI O N: Y / N ? Y
C O M M A ND E X E C U TE D
If modifying a profile causes the authorities for the session in question to become
so low that you cannot modify any user identity's authorities, the program gives a
warning and asks for confirmation of the command execution.
The printout generated by the command
IAA:PROFILE:I=50;
is given below. The command is entered from a terminal whose profile is
PROFILE.
E X E C U TI O N S T A R T ED
/ * T H IS M O DI F IC A TI O N W I LL P R EV E NT Y O U F R OM M A KI N G
F UR TH ER AU TH ORI TY C HAN GE S F RO M T HI S T ER MI NA L * /
Y O U A R E M O DI F YI N G E X IS T IN G P R O FI L E: P R OF I L E
C O NF I RM C O MM A ND E X EC U TI O N: Y / N ? Y
C O M M A ND E X E C U TE D
A similar message about the user id is given if you change the I-class authorities
of your own profile so that they are so low that you can no longer modify them.
dn9815537Issue 21-0 en
# Nokia CorporationNokia Proprietary and Confidential
17 (84)
IAA: CREATE OR MODIFY PROFILE
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 18/84
Semantic error messages
/ * ** S E MA N TI C E R RO R * * * /
/ * ** P A RA M ET E R V A L U E A L L I S N O T A L L O W ED * * */
ALL is not allowed as a profile name.
The system may also output a general semantic error message.
Execution error messages
/ * ** B A SE P R OF I L E N O T F O U ND * * */
The name of the base profile could not be found in the system. You can output the
names of the existing base profiles by using the IAI command.
/ * ** M M I R E C O R D E R R O R * * * /
The contents of the record are incorrect. Check the alarms.
/ ** * N O R OO M F OR M OR E P RO FI L ES * * */
There is no more room for new profiles in the system. You can remove the
unnecessary old profiles by using the IAR command.
/ * ** N O P A SS W OR D P O LI C Y A V AI L A BL E * * * /
The password policy could not be found in the system. You can output the
existing password policies by using the IVI command.
In some cases, alarm 2427 (MMI SYSTEM FILE ERROR) is also set. This
alarm indicates the reason for the file error more specifically.
The system may also output a general MML execution error message.
18 (84) # Nokia CorporationNokia Proprietary and Confidential
dn9815537Issue 21-0 en
IA - MMI System Authority Handling
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 19/84
2 IAR: DELETE PROFILE
Function
Use this command to delete a profile.
Parameters
profile;
Syntax
I AR : < pr of il e> ;
Parameter explanations
profile The profile you want to delete from the MMI system.
The maximum length of the profile name is 10 characters.
The first character is always a letter and the remainingcharacters are either letters or numbers.
The parameter is obligatory.
Examples
1. Delete the profile JANITOR.
IAR:JANITOR;
Additional information
The MML program asks for verification before deleting an existing profile. A
profile can be deleted only if it has not been attached to any user identity or
terminal.
Execution printouts
No execution printout is output when a profile is deleted.
dn9815537Issue 21-0 en
# Nokia CorporationNokia Proprietary and Confidential
19 (84)
IAR: DELETE PROFILE
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 20/84
The program always asks for verification before command execution.
The printout generated by the command
IAR:CHIPNDALE;
is as follows:
E X E C U TI O N S T A R T E D
Y O U A R E D E LE T IN G P R O FI L E: C H IP N D AL E
C O NF I RM C O M MA N D E X EC U TI O N: Y / N ? Y
P R O F I LE D E L E T ED
C O M M A ND E X E C U TE D
Semantic error messages
If an error occurs, the system outputs a general MML semantic error message.
Execution error messages
/ * ** E R RO R W H IL E D E LE T IN G * * */
The deletion of the profile has failed. Check the alarms. If there are no alarms,
give the command again.
/ * ** F I LE U P DA T I NG E R RO R * * */
The update of the modifications in the disk file has failed. Update the profile file
using the commands of the DE command group.
/ ** * P RO FI LE CA NN OT BE DE LE TE D * ** /
/ * ** P R OF I LE H A S B E E N A T T AC H ED T O : * * */
The profile has already been attached to at least one user identity or terminal. You
can delete the profile only if it has not been attached to any user identity or
terminal.
/ * ** P R OF I LE N O T D E LE T E D * * * /
The user has cancelled the profile deletion. Check the existing profiles using the
IAI command.
20 (84) # Nokia CorporationNokia Proprietary and Confidential
dn9815537Issue 21-0 en
IA - MMI System Authority Handling
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 21/84
/ * ** P R OF I LE N O T F O U N D * * */
The specified profile could not be found in the system.
The system may also output a general MML execution error message.
dn9815537Issue 21-0 en
# Nokia CorporationNokia Proprietary and Confidential
21 (84)
IAR: DELETE PROFILE
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 22/84
22 (84) # Nokia CorporationNokia Proprietary and Confidential
dn9815537Issue 21-0 en
IA - MMI System Authority Handling
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 23/84
3 IAH: CREATE USER ID
Function
Use this command to create a new user identity and attach a profile to it. You can
create the profile using the IAA command.
Parameters
user id:
profile;
Syntax
I AH : < us er i d> : < pr of il e> ;
Parameter explanations
user id This parameter is used to identify a new user id.
The maximum length of the parameter value is six characters.
The first character is always a letter and the remaining
characters are either letters or numbers.
The parameter is obligatory.
profile This parameter defines a profile for the user id.
The maximum length of the parameter is 10 characters. The
first character is always a letter and the remaining charactersare either letters or numbers. The profile must already exist in
the exchange.
The parameter is obligatory.
Examples
1. Create the user identity BANANA and define JANITOR as its profile.
dn9815537Issue 21-0 en
# Nokia CorporationNokia Proprietary and Confidential
23 (84)
IAH: CREATE USER ID
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 24/84
IAH:BANANA:JANITOR;
Additional information
The user identity cannot exist in the exchange. After enter the command, the
MML program asks for the password of the user identity you want to create and
its verification. The profile (JANITOR in the example) must exist in the exchange
before it can be attached to a user identity.
Every user id used by the Nokia network management system, Nokia NetAct,
must be created with its own unique profile. This ensures that the user identities
required by the Nokia NetAct can be managed from the network management
system without problems.
If the password policy feature is on and the given password is not compliant with
the password policy, the following execution error message appears.
/ * ** P A SS W OR D N O T C O MP L IA N T W I TH P O LI C Y * * */
If the password policy feature is on and the given password is found in the
password policy history list or the minimum password validity time has not
elapsed, the following execution error message appears.
/ * ** P A SS W OR D H I ST O RY C H EC K I NG F A IL E D * * */
Execution printouts
The printout generated by the command
IAH:ALFRED:JANITOR;
is as follows:
E X E C U TI O N S T A R T E D
/ * I D E N T IF Y P A S S W O RD :
M I NI M UM P A SS W OR D L E NG T H I S 6
M A XI M UM P A SS W OR D L E NG T H I S 1 6 * /
N E W P A S S W OR D : * * * * * ** * *
V E R I F IC A T I O N: * * * * * ** * *
/ * I D E NT I FY P A SS W O RD F O R O L DE R S Y S TE M L E VE L S:
M I NI M UM P A SS W OR D L E NG T H I S 6
24 (84) # Nokia CorporationNokia Proprietary and Confidential
dn9815537Issue 21-0 en
IA - MMI System Authority Handling
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 25/84
M A X IM U M P A SS W OR D L E NG T H I S 1 5 * /
N E W P A S S W OR D :
VERIFICATION:
C O M M A ND E X E C U TE D
If the users attached to the profile do not have parallel passwords, the second
inquiry and verification of the password are not output.
Semantic error messages
/ ** * U SE R I D T OO S HO RT * ** /
The user identity must contain six characters. Enter a longer user id.
The system may also output a general semantic error message.
Execution error messages
/ * ** T O O S H OR T P A SS W OR D * * */
/ ** * U SE R I D N OT C RE AT ED * ** /
The minimum length of the password is six characters. Check the length of the
password.
/ * ** T O O L O N G P A SS W OR D * * *// ** * U SE R I D N OT C RE AT ED * ** /
The maximum length of the password in the new system levels is 16 characters,
and in the old system levels it is 15 characters.
/ * ** M M I R E C O R D E R R O R * * * /
The contents of the record are incorrect. Check the alarms.
/ * ** P A SS W OR D C O NT A IN S I N VA L ID C H AR A CT E RS * * * /
/ ** * U SE R I D N OT C RE AT ED * ** /
The given password contains forbidden characters. A password may contain
capital letters, numbers, and most of the other graphic characters. The allowed
characters include ASCII code characters between HEX 21 and HEX 7E.
/ ** * P AS SW OR D I S S AM E A S U SE R I D;
P L EA S E C H OO S E A N O TH E R S T RI N G * * */
dn9815537Issue 21-0 en
# Nokia CorporationNokia Proprietary and Confidential
25 (84)
IAH: CREATE USER ID
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 26/84
The password must not be identical to the user identity. Choose another
password.
/ * ** P A SS W OR D F O R O L DE R S Y ST E M L E VE L S
I S S AM E A S N EW T YP E P AS SW OR D * ** /
/ * ** P L EA S E C H OO S E A N OT H ER S T R IN G * * * /
The passwords for old and new system levels must not be identical. Choose
another password.
/ * ** P A SS W OR D V E RI F IC A TI O N E R R OR * * */
/ ** * U SE R I D N OT C RE AT E D * ** /
A typing error was made in the verification of the password.
/*** PROFILE IS A UNIQU E PRO FI LE ***/
/ ** * O NL Y O NE U S ER C AN B E A T TA CH E D T O T HI S P RO FI LE * ** /
The profile has been defined as a one-user profile. The profile has already been
attached to a user id or a terminal. Thus, it cannot be attached to other user
identities or terminals.
/ * ** P R OF I LE N O T F O U N D * * */
/ ** * U SE R I D N OT C RE AT E D * ** /
The user profile does not exist. Use the IAI command to check the existing user
profiles and the IAA command to create a new user profile.
/ * ** S Y ST E M E R RO R * * */
There is an error in the file. Check the alarms.
/ * ** U S ER I D A L R EA D Y E X I S T S * * * /
/ ** * U SE R I D N OT C RE AT E D * ** /
The user id already exists.
/ ** * U SE R I D N OT C RE AT E D * ** /
/ ** * N O M OR E R OO M F OR N EW U S ER I D S * * * /
There is no more room for new user identities in the system. Use the IAD
command to delete the unnecessary user identities.
26 (84) # Nokia CorporationNokia Proprietary and Confidential
dn9815537Issue 21-0 en
IA - MMI System Authority Handling
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 27/84
4 IAD: DELETE USER ID
Function
Use this command to delete a user identity from the MMI system. To check the
existing user profiles, use the IAI command.
Parameters
user id;
Syntax
I A D : < us e r i d > ;
Parameter explanations
user id This parameter specifies the user identity you want to delete.
The length of the user id is six characters.
The parameter is obligatory.
Examples
1. Delete the user identity LMERIC from the system.
IAD: LMERIC;
Additional information
Before deleting a user identity, the MML program asks for verification from theuser. The user's own user identity in an active session must not be deleted. When
a user identity is deleted, network user authorities and user-specific limitations, if
any, are also deleted.
Execution printouts
When a user identity is being deleted, no execution printout is output.
The program always asks for verification before command execution.
dn9815537Issue 21-0 en
# Nokia CorporationNokia Proprietary and Confidential
27 (84)
IAD: DELETE USER ID
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 28/84
The printout generated by the command
IAD:LMERIC;
is as follows:
E X E C U TI O N S T A R T E D
Y O U A R E D E LE T IN G U S E R I D : L M E RI C
C O NF I RM C O M MA N D E X EC U TI O N: Y / N ? Y
U S ER I D D E LE T ED
C O M M A ND E X E C U TE D
Semantic error messages
/ ** * U SE R I D T OO S HO RT * ** /
The user identity must contain six characters. Check the length of the user id.
The system may also output a general MML semantic error message.
Execution error messages
/ * ** E R RO R W H IL E D E LE T IN G * * */
The deletion of the user identity has failed. Give the command again.
/ * ** F I LE U P DA T I NG E R RO R * * */
The update of the modifications in the disk file has failed. Update the password
file using the commands of the DE command group.
/ ** * O WN U SE R I D C AN NO T B E D EL ET E D * ** /
You tried to delete your own user id. It is not possible to delete one's own user id.
/ ** * U SE R I D N OT F OU ND * ** /
The given user identity was not found in the system. To check the existing user
identities, use the IAI command.
The system may also output a general MML execution error message.
28 (84) # Nokia CorporationNokia Proprietary and Confidential
dn9815537Issue 21-0 en
IA - MMI System Authority Handling
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 29/84
5 IAE: ATTACH PROFILE TO USER ID OR
TERMINAL
Function
Use this command to change the profile of a user identity or a terminal.
Parameters
execution parameter:
profile;
Syntax
I AE : ( U S ER ID = < us er i d> | T ER M IN AL = < MM L t e r mi na l> ) : < pr of il e> ;
Parameter explanations
user id The parameter can have the following value:
USERID User identity
The user id whose profile you want to change.
The length of the user identity is six characters. The first
character is always a letter and the remaining characters are
either letters or numbers. The user identity must exist in the
system.
MML terminal The parameter can have the following values:
TERMINAL Terminal identity
Use this parameter to define the terminal whose profile you
want to change. To define the terminal identity, give the
parameter one of the following values:
dn9815537Issue 21-0 en
# Nokia CorporationNokia Proprietary and Confidential
29 (84)
IAE: ATTACH PROFILE TO USER ID OR TERMINAL
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 30/84
CAL Command calendar
VTP Virtual terminal
profile The profile you want to attach to the user identity or the
terminal. The name must be a profile created in the system.
This parameter is obligatory.
Examples
1. Attach the profile CHIPNDALE to the user identity BATMAN.
IAE:USERID=BATMAN:CHIPNDALE;
Additional information
Before giving the command, you must define the user identity, the terminal, and
the profile.
In command example 1, the profile used by the user identity BATMAN is
replaced by the profile CHIPNDALE. At the next login to the exchange, the user
identity BATMAN uses the authority data on the profile CHIPNDALE.
Every user id used by the Nokia network management system, Nokia NetAct,
must be created with its own unique profile. This ensures that the user identities
required by the Nokia NetAct can be managed from the network management system without problems.
Execution printouts
Normally, when a profile for a user id or a terminal is changed, no command
execution printout is output.
If changing the profile causes the authorities for the session in question to become
so low that you cannot modify any authorities, the program gives a warning and
asks for confirmation.
The printout generated by the command
IAE:TERMINAL=VDU0:LOWTERMPRO;
is given below. The command is entered from the terminal and the authorities for
the new profile in class I are low.
E X E C U TI O N S T A R T E D
30 (84) # Nokia CorporationNokia Proprietary and Confidential
dn9815537Issue 21-0 en
IA - MMI System Authority Handling
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 31/84
/ * T H IS M O DI F IC A TI O N W I LL P R EV E NT Y O U F R OM M A KI N G
F UR TH ER AU TH ORI TY C HAN GE S F RO M T HI S T ER MI NA L * /
C O NF I RM C O MM A ND E X EC U TI O N: Y / N ? Y
C O M M A ND E X E C U TE D
A similar message concerning the user identity is given if you change your own
profile to one in which the I-class authorities are so low that no further changes
can be made.
Semantic error messages
If an error occurs, the system outputs a general MML semantic error message.
Execution error messages
/ * ** M M I R E C O R D E R R O R * * * /
The contents of the record are incorrect. Check the alarms.
/*** PROFILE IS A UNIQUE PRO FILE ***/
/ ** * O NL Y O NE U SE R C AN B E A T TA CH E D T O T HI S P RO FI LE * * */
The profile has been defined as a profile for one user only. It has already been
attached to a user identity or a terminal and cannot be attached to other identities
or terminals.
/ * ** P R OF I LE N O T F O U N D * * */
The given profile was not found in the system. Use the IAI command to check
the existing user profiles or the IAA command to create a new user profile.
/ * ** S Y ST E M E R RO R * * */
There is an error in the file. Check the alarms.
/ * ** T E RM I NA L D O ES N O T E X I S T * * */
The given terminal identifier was not found in the terminal data file. To check the
alarms, give the IAI command.
/ ** * U SE R I D N OT F OU ND * ** /
The given user identity was not found in the system. To check the existing user
identities, give the IAI command.
dn9815537Issue 21-0 en
# Nokia CorporationNokia Proprietary and Confidential
31 (84)
IAE: ATTACH PROFILE TO USER ID OR TERMINAL
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 32/84
The system may also output a general MML execution error message.
32 (84) # Nokia CorporationNokia Proprietary and Confidential
dn9815537Issue 21-0 en
IA - MMI System Authority Handling
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 33/84
6 IAG: CHANGE OWN PASSWORD
Function
Use this command to change your own password.
Parameters
password type;
Syntax
I AG : [ < p a ss wo r d t y p e> | N E WP WT d ef ];
Parameter explanations
password type You can use this parameter to define whether you want to
change a new system level password or a password which is
used for remote connections to access the system levels which
do not support the feature using the new encryption method.
You can give the parameter one of the following values:
OLDPWT The password used for remote
connections to access the old system
levels is changed.
NEWPWT The password that can be used for the new
system levels is changed. This is the
default value.
If the user has been attached to a profile which determines
that the user can have only one password, the value
OLDPWT is not output in any parameter guides.
dn9815537Issue 21-0 en
# Nokia CorporationNokia Proprietary and Confidential
33 (84)
IAG: CHANGE OWN PASSWORD
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 34/84
Examples
1. Change your own password.
IAG;
2. Change the password for remote connections to access the older system
levels.
IAG:OLDPWT;
Additional information
First, the program asks you to enter the old password. Then it asks for the new
password and its verification. The password cannot be identical to your own user
id.
If the password policy feature is on and the given password is not compliant with
the password policy, the following execution error message appears.
/ * ** P A SS W OR D N O T C O MP L IA N T W I TH P O LI C Y * * */
If the password policy feature is on and the given password is found in the
password policy history list or the minimum password validity time has not
elapsed, the following execution error message is displayed.
/ * ** P A SS W OR D H I ST O RY C H EC K I NG F A IL E D * * */
Execution printouts
The printout generated by the command
IAG;
is given below. The passwords are output on the terminal as the character defined
in the parameter file (the default value is *).
E X E C U TI O N S T A R T E D
O L D P A S S W OR D : * * * * * *
/ * I D E NT I FY N E W P A SS W OR D :
M I NI M UM P A SS W OR D L E NG T H I S 6
M A XI M UM P A SS W OR D L E NG T H I S 1 6 * /
N E W P A S S W OR D : * * * * * ** *
V E R I F IC A T I O N: * * * * * ** *
34 (84) # Nokia CorporationNokia Proprietary and Confidential
dn9815537Issue 21-0 en
IA - MMI System Authority Handling
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 35/84
C O M M A ND E X E C U TE D
The execution printout generated by the command
IAG:OLDPWT;
is given below. The passwords are not repeated on the terminal.
E X E C U TI O N S T A R T ED
O L D P A S S W OR D :
/ * I D EN T IF Y N E W P A SS W OR D :
M I N IM U M P A SS W OR D L E NG T H I S 6
M A X IM U M P A SS W OR D L E NG T H I S 1 5 * /
N E W P A S S W OR D :
VERIFICATION:
C O M M A ND E X E C U TE D
Semantic error messages
If an error occurs, the system outputs a general MML semantic error message.
Execution error messages
/ * ** C U RR E NT M M L- S ES S IO N P A SS W OR D C H AN G E F A IL E D * * */
The changing of the password in the MMIMAN in the MML session concerned
has failed. Start a new MML session. The new password is valid in the new MML
session.
/ * ** T O O S H OR T P A SS W OR D * * */
The minimum length of a password is six characters. Check the length of the
password.
/ * ** T O O L O N G P A SS W OR D * * */
The maximum length of a password for the new system levels is 16 characters,
and 15 characters for the older system levels. Check the length of the password.
/ * ** M M I R E C O R D E R R O R * * * /
The contents of the record are incorrect. Check the alarms.
dn9815537Issue 21-0 en
# Nokia CorporationNokia Proprietary and Confidential
35 (84)
IAG: CHANGE OWN PASSWORD
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 36/84
/ * ** O L D P A SS W OR D V E RI F IC A TI O N E R RO R * * */
The given password is not identical to the one the session was started with.
/ * ** P A SS W OR D C O NT A IN S I N VA L ID C H AR A CT E R S * * */
The given password contains forbidden characters. The password may contain
capital letters, numbers, and most of the other graphic characters. The allowed
characters include ASCII code characters between HEX 21 and HEX 7E.
/ ** * P AS SW OR D I S S AM E A S U SE R I D;
P L E AS E C H OO S E A N OT H ER S T RI N G * * */
The password must not be identical to the user identity. Choose another
password.
/ * ** P A SS W OR D F O R O L DE R S Y ST E M L E VE L S
I S S AM E A S N EW T YP E P AS SW OR D * ** /
/ * ** P L EA S E C H OO S E A N OT H ER S T R IN G * * * /
The passwords meant for the new and old system levels must not be identical.
Choose another password.
/ * ** P A SS W OR D V E RI F IC A TI O N E R R OR * * */
A typing error was made in the verification of the password.
In addition, the system may also output a general MML execution error message.
36 (84) # Nokia CorporationNokia Proprietary and Confidential
dn9815537Issue 21-0 en
IA - MMI System Authority Handling
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 37/84
7 IAS: CHANGE PASSWORD OF OTHER
USER ID
Function
Use this command to change the passwords of other user identities in the MMI
system.
Parameters
user id:
password type;
Syntax
I AS : < us er i d> : [ < p a ss wo rd t yp e > | N EW PW T d ef ] ;
Parameter explanations
user id The user identity whose password you want to change. The
length of the user id is six characters.
This parameter is obligatory.
password type You can use this parameter to define whether you want to
change a new system level password or a password that is
used for remote connections to access the system levels that
do not support the feature using the new encryption method.
Specify one of the following values for the parameter:
OLDPWT The password used for remote
connections to access the old system
levels is changed.
NEWPWT The password for the new system levels is
changed. This is the default value.
dn9815537Issue 21-0 en
# Nokia CorporationNokia Proprietary and Confidential
37 (84)
IAS: CHANGE PASSWORD OF OTHER USER ID
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 38/84
If the user has been attached to a profile determining that the
user can have only one password, the value OLDPWT is not
output in any parameter guides.
Examples
1. Change the password of user identity USER00.
IAS:USER00;
2. Change the password of user id USER01 used for remote connections to
access the older system levels.
IAS:USER01:OLDPWT;
Additional information
First, the program asks you to enter the old password. Then, it asks for the new
password and its verification. The password cannot be identical to your own user
id.
If the password policy feature is on and the given password is not compliant with
the password policy, the following execution error message appears.
/ * ** P A SS W OR D N O T C O MP L IA N T W I TH P O LI C Y * * */
If the password policy feature is on and the given the password is found in the
password policy history list or the minimum password validity time has not elapsed, the following execution error message is displayed.
/ * ** P A SS W OR D H I ST O RY C H EC K I NG F A IL E D * * */
Execution printouts
The printout generated by the command
IAS:JJHILL;
is given below. The passwords are output on the terminal as the character defined
in the parameter file (the default value is *).
E X E C U TI O N S T A R T E D
/ * I D E NT I FY N E W P A SS W OR D :
M I NI M UM P A SS W OR D L E NG T H I S 6
M A XI M UM P A SS W OR D L E NG T H I S 1 6 * /
38 (84) # Nokia CorporationNokia Proprietary and Confidential
dn9815537Issue 21-0 en
IA - MMI System Authority Handling
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 39/84
N E W P A S S W OR D : * * * * * ** *
V E R I F IC A T I O N: * * * * * ** *
C O M M A ND E X E C U TE D
The printout generated by the command
IAS:JJHIL:OLDPWT;
is given below. The passwords are not repeated on the terminal.
E X E C U TI O N S T A R T ED
/ * I D EN T IF Y N E W P A SS W OR D :
M I N IM U M P A SS W OR D L E NG T H I S 6
M A X IM U M P A SS W OR D L E NG T H I S 1 5 * /
N E W P A S S W OR D :
VERIFICATION:
C O M M A ND E X E C U TE D
Semantic error messages
/ ** * U SE R I D T OO S HO RT * ** /
The user id must contain six characters.
The system may also output a general MML semantic error message.
Execution error messages
/ * ** T O O S H OR T P A SS W OR D * * */
The minimum length of a password is six characters. Check the length of the
password.
/ * ** T O O L O N G P A SS W OR D * * */
The maximum length of a password for the new system levels is 16 characters,
and 15 characters for the older system levels. Check the length of the password.
/ * ** M M I R E C O R D E R R O R * * * /
dn9815537Issue 21-0 en
# Nokia CorporationNokia Proprietary and Confidential
39 (84)
IAS: CHANGE PASSWORD OF OTHER USER ID
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 40/84
The contents of the record are incorrect. Check the alarms.
/ * ** P A SS W OR D C O NT A IN S I N VA L ID C H AR A CT E R S * * */
The specified password contains forbidden characters. The password may contain
capital letters, numbers and most of the other graphic characters. The allowed
characters include ASCII code characters between HEX 21 and HEX 7E.
/ ** * P AS SW OR D I S S AM E A S U SE R I D;
P L E AS E C H OO S E A N OT H ER S T RI N G * * */
The password must not be identical to the user identity. Choose another
password.
/ * ** P A SS W OR D V E RI F IC A TI O N E R R OR * * */
A typing error was made when the password was verified.
/ ** * U SE R I D N OT F OU ND * ** /
The specified user identity was not found in the system. Check the existing user
identities by using the IAI command.
The system may also output a general MML execution error message.
40 (84) # Nokia CorporationNokia Proprietary and Confidential
dn9815537Issue 21-0 en
IA - MMI System Authority Handling
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 41/84
8 IAF: CHANGE SERVICE TERMINAL
PASSWORD
Function
Use this command to change the fixed username password of the service
terminal.
Parameters
The command has no parameters.
Syntax
IAF;
Examples
1. Change the fixed username password of the service terminal.
IAF;
Additional information
Note that there may be others who are using the same password in the service
terminal. In this case, inform other users of the password change.
If the password policy feature is on and the given password is not compliant with
the password policy, the following execution error message appears.
/ * ** P A SS W OR D N O T C O MP L IA N T W I TH P O LI C Y * * */
If the password policy feature is on and the given password is found in the
password policy history list or the minimum password validity time has not
elapsed, the following execution error message is displayed.
/ * ** P A SS W OR D H I ST O RY C H EC K IN G F A IL E D * * */
dn9815537Issue 21-0 en
# Nokia CorporationNokia Proprietary and Confidential
41 (84)
IAF: CHANGE SERVICE TERMINAL PASSWORD
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 42/84
Execution printouts
The execution printout of command example 1 is as follows:
The passwords are displayed as the character defined in the parameter file (the
default value is character *).
/ * I D E N T IF Y P A S S W O RD :
M I NI M UM P A SS W OR D L E NG T H I S 6
M A XI M UM P A SS W OR D L E NG T H I S 1 6 * /
N E W P A S S W OR D : * * * * * ** *
V E R I F IC A T I O N: * * * * * ** *
C O M M A ND E X E C U TE D
Execution error messages
/ * ** T O O S H OR T P A S SW O RD * * */
The minimum length of a password is six characters. Check the length of the
password.
/ * ** T O O L O N G P A SS W OR D * * */
The maximum length of a password is 16 characters. Check the length of the
password.
/ * ** F I LE U P DA T I NG E R RO R * * */
The update of the password in the disk has failed. Use the following command to
check whether the necessary file exists:
ZIWX:::BLCODE:DEBUTIGX,IMG;
If the file is not found, contact the system specialist. Otherwise, check the alarms.
/ * ** P A SS W OR D C O NT A IN S I N VA L ID C H AR A CT E R S * * */
The given password contains forbidden characters. The password may contain
capital letters, numbers, and most of the other graphic characters. The allowed
characters include ASCII code characters between HEX 21 and HEX 7E.
The system may also output a general MML execution error message.
42 (84) # Nokia CorporationNokia Proprietary and Confidential
dn9815537Issue 21-0 en
IA - MMI System Authority Handling
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 43/84
9 IAQ: RESET LOGIN DELAYS
Function
Use this command to reset all time delays that are set for login.
Use this command when you want to normalise the time delay in user
authentication caused by failed login attempts.
Parameters
The command has no parameters.
Syntax
IAQ;
Examples
1. Reset all time delays in force at login.
IAQ;
Execution error messages
If an error occurs, the system outputs a general MML execution error message.
dn9815537Issue 21-0 en
# Nokia CorporationNokia Proprietary and Confidential
43 (84)
IAQ: RESET LOGIN DELAYS
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 44/84
44 (84) # Nokia CorporationNokia Proprietary and Confidential
dn9815537Issue 21-0 en
IA - MMI System Authority Handling
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 45/84
10 IAX: MODIFY MML SESSION IDLE TIME
LIMIT
Function
Use this command to change the time supervision value of the MML session.
Parameters
MML session idle time limit;
Syntax
I A X: [ <M M L S e ss i on i d le t i me l i mi t >| 1 5 d e f] ;
Parameter explanations
MML Session idle time limit
The time supervision value can range from 1 to 60 minutes.
Changing the time supervision value has an immediate effect
on the user's own session. The sessions of other users with the
same profile are affected by the change only after the next
login.
Examples
1. Change the time supervision value of the MML session to 10 minutes.
IAX:10;
Execution printouts
The execution printout generated by the command in example 1 is as follows:
E X E C U TI O N S T A R T ED
/ * T HI S P RO FI LE I S U SE D B Y:
SYS TEM VEH MAA * /
dn9815537Issue 21-0 en
# Nokia CorporationNokia Proprietary and Confidential
45 (84)
IAX: MODIFY MML SESSION IDLE TIME LIMIT
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 46/84
C O NF I RM C O M MA N D E X EC U TI O N: Y / N ? Y
C O M M A ND E X E C U TE D
Semantic error messages
If an error occurs, the system outputs a general MML semantic error message.
Execution error messages
/ * ** M M I R E C O R D E R R O R * * * /
The contents of the record are incorrect. Check the alarms.
The system may also output a general MML execution error message.
46 (84) # Nokia CorporationNokia Proprietary and Confidential
dn9815537Issue 21-0 en
IA - MMI System Authority Handling
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 47/84
11 IAK: CHANGE ENCRYPTION METHOD
Function
Use this command to change or output the encryption key used.
Parameters
encryption key number;
Syntax
I A K : [ <e n c r y pt i o n k e y n u m b e r> | L I S T d e f ] ;
Parameter explanations
encryption key number
The generation index of the encryption key that you want to
define as the new key. The index can range from 1 to 100.
The value LIST outputs the encryption key index in use
instead of changing it. This is the default value.
Examples
1. Output the encryption key index in use.
IAK;
2. Change the value of the index to 47.
IAK:47;
dn9815537Issue 21-0 en
# Nokia CorporationNokia Proprietary and Confidential
47 (84)
IAK: CHANGE ENCRYPTION METHOD
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 48/84
Additional information
When a remote session is being established, the encryption key is not valid in the
target system unless the encryption keys in the source and target system are
identical. When the encryption key is being changed, the system asks the user for
verification. It also gives a warning that changing the encryption key may cause
problems for the establishment of the remote session. Every time a remote session
is established in a target system where the password is not valid, the username
and the password must be entered in the terminal.
Execution printouts
The printout generated by the command
IAK;
is as follows:
E X E C U TI O N S T A R T ED
C UR RE NT LY U SE D K EY I S : 3 3
C O M M A ND E X E C U TE D
The printout generated by the command
IAK:47;
is as follows:
E X E C U TI O N S T A R T E D
/ * T H I S M O D I FI C AT I ON M A Y C A US E F A I LU R E I N U S ER
A U T H E NT I C A T I ON W H E N E S T A B LI S H I N G R E M O T E S E S S I ON
BEC AU SE OF D IFFER EN T ENC RYPTI ON KEYS */
C O NF I RM C O M MA N D E X EC U TI O N: Y / N ? Y
C O M M A ND E X E C U TE D
Semantic error messages
If an error occurs, the system outputs a general MML semantic error message.
48 (84) # Nokia CorporationNokia Proprietary and Confidential
dn9815537Issue 21-0 en
IA - MMI System Authority Handling
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 49/84
Execution error messages
/ * ** M M I R E C O R D E R R O R * * * /
The contents of the record are incorrect. Check the alarms.
The system may also output a general MML execution error message.
dn9815537Issue 21-0 en
# Nokia CorporationNokia Proprietary and Confidential
49 (84)
IAK: CHANGE ENCRYPTION METHOD
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 50/84
50 (84) # Nokia CorporationNokia Proprietary and Confidential
dn9815537Issue 21-0 en
IA - MMI System Authority Handling
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 51/84
12 IAM: CHANGE COMMAND DEFINITIONS
Function
Use this command to change the authorities of an MML command.
Parameters
command:
authority requirement,visibility in MML command log,Q3 notification,security
notification;
Syntax
I AM : < co mm an d> : ( A UT H = < a ut ho r it y> |
V IS IB = ( P U BL IB | P RI VA TE ) |
Q3N = [ YES | N O ) | S ECN = ( Y ES | NO ) ) ... ;
Parameter explanations
command A three-letter MML command whose authority data or
security reporting you want to change.
This parameter is obligatory.
authority requirement
The parameter can have the following value:
AUTH Authority requirement
A new authority requirement given to the MML command.
The value for the requirement is between 1 and 250.
visibility in MML command log
This parameter defines whether a command can be output
from the MML command log by all users.
VISIB Visibility in the MML command log
dn9815537Issue 21-0 en
# Nokia CorporationNokia Proprietary and Confidential
51 (84)
IAM: CHANGE COMMAND DEFINITIONS
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 52/84
PUBLIC The command can be output by all users
allowed to output information on the
commands executed by other users
(medium or complete MML command log
accessibility).
PRIVATE The command can be output by users
having complete MML command log
accessibility.
Regardless of the parameter value, all users are allowed to
output information on the commands executed by them.
Q3 notification This parameter defines whether a notification on command
execution is sent to the Q3 interface control software. If the
value YES is given, the notification is sent. If the value is NO,no message is sent.
security notification
This parameter defines whether the data on the command
execution is collected in the security report. If the value YES
is given, the data is collected. With the value NO, it is not
collected.
Examples
1. Change the authority requirement of the USI MML command to 100 toset its execution to be collected in the report.
Define a notice on the command execution to be sent to the control
software of the Q3 interface.
IAM:USI:AUTH=100,SECN=YES,Q3N=YES;
2. Change the authority requirement of the USI MML command to 100 and
the MML command log visibility to PUBLIC.
IAM:USI:AUTH=100,VISIB=PUBLIC;
Additional information
This command is used to change the authority requirement for all existing
commands, and also for those not included in the software concerned.
If the CAUCNVGX conversion program is not executed in conjunction with the
software build change, the authority requirements of all commands change back
to the default values of software building. The default values are: 250, 200, 150,
100, or 50.
52 (84) # Nokia CorporationNokia Proprietary and Confidential
dn9815537Issue 21-0 en
IA - MMI System Authority Handling
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 53/84
Semantic error messages
If an error occurs, the system outputs a general MML semantic error message.
Execution error messages
/ * ** F I LE U P DA T IN G E R RO R * * * /
The update of the modifications in the disk file has failed. Use the commands of
the DE command group to update the authority file of MML commands.
/ * ** M M I R E C O R D E R R O R * * * /
The contents of the record are incorrect. Check the alarms.
/ * ** M M L C O M M AN D N O T F O U N D * * * /
The MML command given is not found in the system. To output the MML
commands of the system class by class, give the IAT command.
/ * ** S Y ST E M E R RO R * * */
There is an error in the file. Check the alarms.
In some error conditions, alarm 2427 (MMI SYSTEM FILE ERROR) is also set.
The alarm indicates the file error more specifically.
The system may also output a general MML execution error message.
dn9815537Issue 21-0 en
# Nokia CorporationNokia Proprietary and Confidential
53 (84)
IAM: CHANGE COMMAND DEFINITIONS
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 54/84
54 (84) # Nokia CorporationNokia Proprietary and Confidential
dn9815537Issue 21-0 en
IA - MMI System Authority Handling
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 55/84
13 IAI: INTERROGATE USER IDs,
TERMINALS AND PROFILES
Function
Use this command to interrogate and output the authority data on a user identity,
terminal, or profile.
Parameters
output object:
output type;
Syntax
I AI : ( U SE RI D = [ < us er id > | A LL d ef ] |
T ER MI NA L = [ < t er mi na l i d> | A LL d ef ] |
P RO FI LE = [ < p ro fi le > | A LL d ef ] ) |R EM OT E = [ < us er i d> | AL L d ef ] ) :
[ L IM | COM def ] ;
Parameter explanations
User id The parameter can have the following value:
USERID User identity
The user identity whose data you want to output. The length
of the user identity is six characters.
If you give the value ALL, all user identities and profile
names or profile contents used by them are output, depending
on the specifier given in the second parameter. The default
value is ALL.
Terminal id The parameter can have the following value:
TERMINAL Terminal identifier
dn9815537Issue 21-0 en
# Nokia CorporationNokia Proprietary and Confidential
55 (84)
IAI: INTERROGATE USER IDs, TERMINALS AND PROFILES
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 56/84
The terminal identifier whose data you want to output. The
maximum length of an identifier is six characters.
If you give the value ALL, all terminal identifiers and profile
names or profile contents used by them are output, depending
on the specifier given in the second parameter. During the
output, it is not checked whether all the terminal identifiers
exist in the system concerned.
The default value is ALL.
Profile The parameter can have the following value:
PROFILE Profile identifier
The profile whose data you want to output. The maximum
length of a profile is 10 characters.
If you give the value ALL, all profile names or their contents,
and profile user names and terminal identifiers are output,
depending on the specifier given in the second parameter.
The default value is ALL.
Remote The parameter can have the following value:
REMOTE Remote used identity
The remote user identity whose data you want to output.
If you give the value ALL, all remote user identities are
output. The default value is ALL.
All remote users and their profiles can be found in the
EYELET file.
The EYELET file may not contain the password validity time
if the value cannot be reached from the LDAP server. If thevalue is not known, then validity time line is not printed.
Output type You can use this parameter to choose the output type by
giving one of the values below.
56 (84) # Nokia CorporationNokia Proprietary and Confidential
dn9815537Issue 21-0 en
IA - MMI System Authority Handling
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 57/84
LIM Limited
This specifier outputs only the profile
name attached to a user identity or
terminal. The user identities and terminals
using the profile are displayed.
COM Complete
This specifier outputs the contents of a
profile attached to a user identity or a
terminal. When a profile is interrogated,
its contents and users are output. This is
the default value.
Examples
1. Output the users of the profile SUBSTITUTE.
IAI:PROFILE=SUBSTITUTE:LIM;
2. Output the user profiles of all user identities and the contents of the
profiles.
IAI:USERID=ALL:COM;
3. Output the remote user FARUSE and its profiles from the local cache file.
IAI:REMOTE=FARUSE:COM;
Execution printouts
The explanations of the fields in the execution printouts are as follows:
PROFILE NAME
Name of the profile you want to output
REMOTE USER ID
Remote used id from the local cache file
MMI SESSIONS OPEN
Number of the MMI sessions a remote user has opened
COMMAND CLASS AUTHORITIES
Authorities defined in the profile, given separately for each
class
dn9815537Issue 21-0 en
# Nokia CorporationNokia Proprietary and Confidential
57 (84)
IAI: INTERROGATE USER IDs, TERMINALS AND PROFILES
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 58/84
PARALLEL PASSWORD EXISTENCE
Information on whether the users attached to the profile have
a parallel password to be used for remote sessions in order to
access the network elements of the older system level
PASSWORD VALIDITY TIME
Validity time of the password for the profile to be output,
given in days
MINIMUM PASSWORD VALIDITY TIME
The minimum validity time that has to pass from changing the
password before it can be changed again, given in days
(optional parameter)
MML COMMAND LOG ACCESSIBILITY
MML command log accessibility of the profile (or user) youwant to output
UNIQUE PROFILE
Information on whether the profile that was output is a one-
user profile or a normal profile
PASSWORD POLICY NAME
The password policy that is used with this profile (optional
parameter)
PROFILE IS USED BYList of the user identities in which the profile concerned has
been defined
USERID NAME
Name of the user identity you want to output
PASSWORD VALIDITY TIME LEFT
Remaining validity time of the password for the user identity
to be output, given in days
NETWORK USE ALLOWEDInformation on whether the user id is a network or a normal
user identifier
MML SESSION IDLE TIME LIMIT
Time supervision value of the MML session
The printout generated by the command
58 (84) # Nokia CorporationNokia Proprietary and Confidential
dn9815537Issue 21-0 en
IA - MMI System Authority Handling
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 59/84
IAI:PROFILE=JANITOR:COM;
is as follows:
P R O F I LE N A M E : J A N I T O R
C O M M A ND C L A S S A U T H O RI T I E S :
A =1 20 B= 10 0 C =1 00 D= 10 0 E= 10 F =1 0 G =1 00 H= 10 0 I =2 00 J= 10 0
K =1 00 L =1 00 M =1 50 N =1 0 0 O= 1 50 P =1 00 Q =1 50 R =1 00 S =2 00 T =1 00
U =1 00 V = 10 0 W =8 0 X =1 0 0 Y= 8 0
P A R A L LE L P A S S W OR D E X I S T EN C E : Y E S
P A SS W OR D V A LI D IT Y T I ME : 3 0 D A Y (S )
M I NI M UM P A SS W OR D V A LI D IT Y T I ME : 1 0 D A Y (S )
M M L C O M M A ND L O G A C C E SS I B I L IT Y : L I M I T ED
U N IQ U E P R OF I LE : N O
N E TW O RK U S E A L LO W ED : N O
M M L S E S S I ON I D LE T I ME L I M IT : 1 5 M I N (S )
P A S S W OR D P O L I C Y N A M E : P P O L I C Y
P R OF I LE I S U S ED B Y : B A TM A N, T A RZ A N, S U PM A N
C O M M A ND E X E C U TE D
The printout generated by the command
IAI:USERID=ASMITH:COM;
is as follows:
U SE R ID : A SM IT H
P R O F I LE N A M E : H I G H R IG H T S
C O M M A ND C L A S S A U T H O RI T I E S :
A =2 50 B = 2 50 C = 2 50 D = 2 50 E = 2 50 F =2 50 G = 2 50 H = 2 50 I = 2 50 J = 2 50
K =2 50 L = 2 50 M = 2 50 N = 2 50 O = 2 50 P =2 50 Q = 2 50 R = 2 50 S = 2 50 T = 2 50
U = 25 0 V = 25 0 W = 2 50 X = 25 0 Y = 25 0
P A R A L LE L P A S S W OR D E X I S T EN C E : N O
P A SS W OR D V A LI D IT Y T I ME L E FT : 2 1 D A Y (S )
M I NI M UM P A SS W OR D V A LI D IT Y T I ME : 1 0 D A Y (S )
dn9815537Issue 21-0 en
# Nokia CorporationNokia Proprietary and Confidential
59 (84)
IAI: INTERROGATE USER IDs, TERMINALS AND PROFILES
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 60/84
M M L C O MM A ND L O G A C CE S SI B I LI T Y: L I MI T E D
U N IQ U E P R OF I LE : N O
M M L S E S S I ON I D LE T I M E L I M I T: 1 5 M I N (S )
P A SS W OR D P O LI C Y N A ME : P P O LI C Y
N E TW O RK U S E A L LO W E D: Y E S
C O M M A ND E X E C U TE D
The printout generated by the command
IAI:PROFILE=ALL:LIM;
is as follows:
E X E C U TI O N S T A R T E D
PROFILE: USER BY:
============================
JANITOR BATMAN, TARZA N, SU PM AN
MANAGER GEORGE
SMANAGER
HEADMASTER HOMERS
C O M M A ND E X E C U TE D
The printout generated by the command
IAI:REMOTE=FARUSE:COM;
is as follows:
R E MO T E U S E R A N D I T S P R O F I LE F R OM L O CA L C A CH E F I LE :
R E MO T E U S ER I D : F A RU S E
M M I S E S S I ON S O P EN : 2
C O M M A ND C L A S S A U T H O RI T I E S :
A =2 50 B = 2 50 C = 2 50 D = 2 50 E = 2 50 F =2 50 G = 2 50 H = 2 50 I = 2 50 J = 2 50
K =2 50 L = 2 50 M = 2 50 N = 2 50 O = 2 50 P =2 50 Q = 2 50 R = 2 50 S = 2 50 T = 2 50
U = 25 0 V = 25 0 W = 25 0 X = 25 0 Y = 2 50
P A SS W OR D V A LI D IT Y T I ME L E FT : 2 1 D A Y (S )
M M L S E S S I ON I D LE T I M E L I M I T: 1 5 M I N (S )
M M L C O MM A ND L O G A C CE S SI B I LI T Y: L I MI T E D
60 (84) # Nokia CorporationNokia Proprietary and Confidential
dn9815537Issue 21-0 en
IA - MMI System Authority Handling
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 61/84
C O M M A ND E X E C U TE D
The printout generated by the command
IAI:REMOTE=FARUSE:LIM;
is as follows:
.. .
USER ID: SESSIONS OPEN:
=================================
FARUSE 2
C O M M A ND E X E C U TE D
Semantic error messages
If an error occurs, the system outputs a general MML semantic error message.
Execution error messages
/ * ** P R OF I LE N O T F O U N D * * */
The given profile cannot be found in the system.
/ * ** T E RM I NA L D O ES N O T E X I S T * * */
The given terminal identifier cannot be found in the system.
/ ** * U SE R I D N OT F OU ND * ** /
The given user identity cannot be found in the system.
The system may also output a general MML execution error message.
dn9815537Issue 21-0 en
# Nokia CorporationNokia Proprietary and Confidential
61 (84)
IAI: INTERROGATE USER IDs, TERMINALS AND PROFILES
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 62/84
62 (84) # Nokia CorporationNokia Proprietary and Confidential
dn9815537Issue 21-0 en
IA - MMI System Authority Handling
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 63/84
14 IAT: INTERROGATE COMMAND
DEFINITIONS
Function
Use this command to output all the commands, along with their authority data,
which belong to the command group you want to interrogate.
You can also use this command to output information on Q3 reporting, MML
command log visibility, and security reporting.
Parameters
command group;
Syntax
I A T : [ <c o m m a nd g r o u p >| A L L d e f ] ;
Parameter explanations
command group The identifier of the command group you want to output (two
characters).
If you enter ALL instead of the command group, the
information on all commands is output. ALL is the default
value of the parameter.
Examples
1. Output all the commands that belong to the CE command group along
with their authority and reporting data.
IAT:CE;
dn9815537Issue 21-0 en
# Nokia CorporationNokia Proprietary and Confidential
63 (84)
IAT: INTERROGATE COMMAND DEFINITIONS
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 64/84
Additional information
The system does not check whether the commands that are output in MML
programs exist. Thus, the printouts can contain commands that are not available
in the application concerned.
If the CAUCNVGX conversion program is not run together with the software
build change, the authority requirements for all commands are changed to the
default values of software building. The default values are: 250, 200, 150, 100, or
50.
Execution printouts
The execution printout generated by the command
IAT:CE;
is as follows:
C O M M A ND A U T H O RI T I E S :
COMMAND AU TH OR ITY VISIBILITY Q3 S EC UR ITY
REQUIREMENT NOTIFY NOTIFY
CEC 150 PUB LI C NO NO
CEL 50 PUB LI C NO NO
C O M M A ND E X E C U TE D
Semantic error messages
If an error occurs, the system outputs a general MML semantic error message.
Execution error messages
/ * ** C O MM A ND C L A SS N O T F O UN D * * */
The given command class cannot be found.
/ * ** S Y ST E M E R RO R * * */
There is an error in the file. Check the alarms.
The system may also output a general MML execution error message.
64 (84) # Nokia CorporationNokia Proprietary and Confidential
dn9815537Issue 21-0 en
IA - MMI System Authority Handling
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 65/84
15 IAL: INTERROGATE ALLOWED
COMMANDS
Function
Use this command to output the commands that are available for the user identity
utilised in the MML session and for the authorities of the MML terminal used.
Parameters
The command has no parameters.
Syntax
IAL;
Examples
1. Output the commands that are available for the user identity used in theMML session in the given terminal.
IAL;
Additional information
The command does not check whether the commands output in the MML
programs exist. Therefore, the output may include commands that are not
available in the given application.
Execution printouts
An execution printout generated by the command
IAL;
in an OMU is as follows:
C O MM A ND S A L LO W ED I N T H I S D I AL O GU E S E S SI O N
dn9815537Issue 21-0 en
# Nokia CorporationNokia Proprietary and Confidential
65 (84)
IAL: INTERROGATE ALLOWED COMMANDS
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 66/84
CEC C EL CEP CET
CRC C RI CRL CRM
DCA D CC DCD DCS
TMC T MD TME TMI TMM TMS
C O M M A ND E X E C U TE D
Semantic error messages
If an error occurs, the system outputs a general MML semantic error message.
Execution error messages
/ * ** S Y ST E M E R RO R * * */
There is an error in the file. Check the alarms.
/ ** * U SE R I D N OT F OU ND * ** /
The user identity cannot be found in the system. Check the alarms.
The system may also output a general MML execution error message.
66 (84) # Nokia CorporationNokia Proprietary and Confidential
dn9815537Issue 21-0 en
IA - MMI System Authority Handling
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 67/84
16 IAB: BLOCK/UNBLOCK COMMAND
Function
Use this command to block or unblock MML commands. Blocking can be
complete or it may only concern execution from the command calendar.
Parameters
command:
blocking type;
Syntax
I AB : < co mm an d> :
( E XEC = ( YE S | N O ) | COMCAL = ( Y ES | NO ) ) ;
Parameter explanations
command The MML command you want to block. The length of the
parameter is three characters.
This parameter is obligatory.
command execution (un)blocking
The parameter can have the following value:
EXEC Blocking or unblocking of command
execution
This parameter defines the blocking or unblocking of
command execution. With the value YES, the command is
blocked and with the value NO, it is unblocked. A command
blocked in this way cannot be run from the command
calendar.
command calendar execution (un)blocking
The parameter can have the following value:
dn9815537Issue 21-0 en
# Nokia CorporationNokia Proprietary and Confidential
67 (84)
IAB: BLOCK/UNBLOCK COMMAND
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 68/84
COMCAL Blocking or unblocking of the command's
command calendar execution
This parameter defines the blocking or unblocking of the
command's command calendar execution. With the value
YES, the command is blocked and with the value NO, it is
unblocked.
Examples
1. Unblock the IAD command from the command calendar blocking.
IAB:IAD:COMCAL=NO;
2. Block the command calendar execution of the IAD command.
IAB:IAD:EXEC=YES;
Additional information
When you use the EXEC parameter to block command execution, blocking also
concerns execution from the command calendar. When a command is unblocked,
the command calendar execution is also unblocked. If command execution is
separately blocked from the command calendar by using the COMCAL
parameter, this blocking cannot be released by using the EXEC parameter.
Execution printouts
The execution printout of command example 2 is as follows:
E X EC U TI O N O F C O M MA N D I A D B L OC K ED
C O M M A ND E X E C U TE D
The execution printout of the command
IAB:IAL:COMCAL=NO;
is as follows:
C O MM A ND C A LE N DA R E X EC U TI O N O F C O MM A ND I A L U N BL O CK E D
C O M M A ND E X E C U TE D
With this command the execution of the IAL command from the command
calendar was allowed.
68 (84) # Nokia CorporationNokia Proprietary and Confidential
dn9815537Issue 21-0 en
IA - MMI System Authority Handling
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 69/84
Semantic error messages
If an error occurs, the system outputs a general MML semantic error message.
Execution error messages
/ * ** B L OC K IN G O F B L OC K IN G C O MM A ND I S N O T A L L O WE D * * */
The IAB command cannot be blocked.
/ * ** C O MM A ND N O T F O U N D * * */
The given command cannot be found in the MMI system. You can use the IATcommand to output the commands of the MMI system.
/ * ** F I LE U P DA T IN G E R RO R * * * /
The update of the modification in the disk file has failed. Use the commands of
the DE command group to update the authority file of the MML commands.
/ * ** M M I R E C O R D E R R O R * * * /
The contents of the record are incorrect. Check the alarms.
/ * ** S Y ST E M E R RO R * * */
There is an error in the file. Check the alarms.
The system may also output a general MML execution error message.
dn9815537Issue 21-0 en
# Nokia CorporationNokia Proprietary and Confidential
69 (84)
IAB: BLOCK/UNBLOCK COMMAND
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 70/84
70 (84) # Nokia CorporationNokia Proprietary and Confidential
dn9815537Issue 21-0 en
IA - MMI System Authority Handling
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 71/84
17 IAO: INTERROGATE BLOCKED
COMMANDS
Function
Use this command to output blocked commands.
Parameters
command group;
Syntax
I A O : [ <c o m m a nd g r o u p >| A L L d e f ] ;
Parameter explanations
command group The command group whose blocked commands you want to
output. If you give ALL as the parameter value instead of a command group, all blocked commands are listed.
The default value is ALL.
Examples
1. Output the blocked commands in the AB command group.
IAO:AB;
2. Output all blocked commands.
IAO:ALL;
Additional information
The system does not check whether the commands that are output in the MML
programs exist. Therefore, the output may list commands that are not available in
the application concerned.
dn9815537Issue 21-0 en
# Nokia CorporationNokia Proprietary and Confidential
71 (84)
IAO: INTERROGATE BLOCKED COMMANDS
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 72/84
Execution printouts
The execution printout generated by the command
IAO:US;
is as follows:
B L O C K ED C O M M A ND E X E C UT I O N :
COMMAND EXEC COM CA L
================================
USI BLOCKED -
USS - BLOCKED
USW - BLOCKED
C O M M A ND E X E C U TE D
Semantic error messages
If an error occurs, the system outputs a general MML semantic error message.
Execution error messages
/ * ** C O MM A ND G R O UP N O T F O UN D * * */
The command group cannot be found in the system. You can use the IAT
command to output the command groups of the system.
/ * ** S Y ST E M E R RO R * * */
There is a file error. Check the alarms.
The system may also output a general MML execution error message.
72 (84) # Nokia CorporationNokia Proprietary and Confidential
dn9815537Issue 21-0 en
IA - MMI System Authority Handling
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 73/84
18 IAJ: CONFIGURE DIRECTORY CLIENT
Function
Use this command to activate or deactivate the directory service. If needed, define
also the basic configuration data of the directory server where the actual
configuration data is received from. The primary and secondary server can be
configured separately. The DN path to the configuration data and the DN pathwhere the user is authenticated when the LDAP configuration is fetched are
given.
Parameters
directory client state:
directory type:
IPv4 address,IPv6 address,port:
base entry :
DN path to configuration data;
Syntax
I A J: S T AT E = (O N | O F F) : T YP E = (P R I d e f | S E C) : ( IP V 4= < di r e ct o ry I P v4 a d dr e ss > |
I P V 6 = <d i r e c to r y I P v 6 a d d r e s s > ) , PO R T = < p or t n u m b e r | 3 8 9 d e f > : < b a s e e n t r y > : < D N p a t h t o
c o n f i gu r a t i on d a t a > ;
Parameter explanations
directory client state
This parameter defines whether the directory service is
activated or not.
The parameter is obligatory and it may have the values ON or
OFF. If you give the value OFF, it is not possible to give other
parameters.
directory type This parameter defines the type of the directory.
dn9815537Issue 21-0 en
# Nokia CorporationNokia Proprietary and Confidential
73 (84)
IAJ: CONFIGURE DIRECTORY CLIENT
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 74/84
The parameter can have the following values:
PRI Primary
SEC Secondary
If this parameter is not given when the state is set to ON, the
data in the JOINUS file is used. If JOINUS has no data, an
error message is printed.
IPv4 address The IP address of the directory server is specified in decimal
notation in quotation marks (#.#.#.#.). The range of values
for each part of the address is from zero to 255.
IPv6 address The IP address of the directory server is specified in
hexadecimal notation in quotation marks (#:#:#:#:#:#:#:#).
The range of values for each part of the address is from zero
to FFFF.
port This parameter defines the port number for the directory
server. The default port for the LDAP is 389.
base entry The base entry is used for directory operations. The DN used
for fetching the definitive configuration data is formatted by
using this value and the username of the network element.
DN path to configuration data The DN path where the user is authenticated when the LDAP
configuration is fetched.
Examples
1. Activate the directory client.
The IP address of the LDAP server containing the LDAP data is
127.11.123.1 and the used port is 389. The base entry is dc=nokia,
dc=com". The DN path to the configuration data is cn=primary,
ou=ldapconfdata,ou=root,dc=nokia,dc=com.
IAJ:STATE=ON:TYPE=PRI:IPV4="127.11.123.1",PORT=389:"dc=nokia,dc=com":"CN=PRIMARY,OU=LDAPCONFDATA,OU=ROOT,DC=NOKIA,DC=COM";
2. Inactivate the directory client.
74 (84) # Nokia CorporationNokia Proprietary and Confidential
dn9815537Issue 21-0 en
IA - MMI System Authority Handling
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 75/84
IAJ:STATE=OFF; ... THIS COMMAND DISABLES CENTRALIZED
USER AUTHENTICATION DO YOU WANT TO CONTINUE? (Y/N) YCOMMAND EXECUTED
Semantic error messages
/ * ** I P A D DR E SS I S I L LE G AL * * */
You gave the IP address in the wrong format.
Check whether the IPv4 address has four parts separated by dots and whether it is
in quotation marks (#.#.#.#.#). Make sure that none of the parts in the address
exceed the upper limit of 255.
Check whether the IPv6 address has eight parts separated by colons and whether
it is in quotation marks (#:#:#:#:#:#:#:#). Make sure that none of the parts in theaddress exceed the upper limit of FFFF.
The system may also output a general MML semantic error message.
Execution error messages
If an error occurs, the system outputs a general MML execution error message.
dn9815537Issue 21-0 en
# Nokia CorporationNokia Proprietary and Confidential
75 (84)
IAJ: CONFIGURE DIRECTORY CLIENT
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 76/84
76 (84) # Nokia CorporationNokia Proprietary and Confidential
dn9815537Issue 21-0 en
IA - MMI System Authority Handling
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 77/84
19 IAU: REFRESH DIRECTORY CLIENT
CONFIGURATION DATA
Function
Use this command to refresh the directory client configuration data.
Parameters
The command has no parameters.
Syntax
IAU:;
Examples
1. Refresh the configuration data.
IAU:;
Semantic error messages
If an error occurs, the system may output a general MML semantic error message.
Execution error messages
If an error occurs, the system outputs a general MML execution error message.
dn9815537Issue 21-0 en
# Nokia CorporationNokia Proprietary and Confidential
77 (84)
IAU: REFRESH DIRECTORY CLIENT CONFIGURATION DATA
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 78/84
78 (84) # Nokia CorporationNokia Proprietary and Confidential
dn9815537Issue 21-0 en
IA - MMI System Authority Handling
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 79/84
20 IAV: INTERROGATE DIRECTORY CLIENT
CONFIGURATION DATA
Function
Use this command to interrogate the directory client configuration data.
Parameters
directory type:
configuration data type;
Syntax
I A V: T YP E = (S E RV E R- 0 | S E RV E R- 1 | S T A TU S | A L L d e f ) : (C O M | L I M d e f ) ;
Parameter explanations
configuration data type
Use this parameter to specify what kind of directory
configuration data you want to display.
The parameter may have the values SERVER, STATUS or
ALL. When you give the value ALL, all configuration data is
displayed. With the value STATUS, the data of the
configuration server is displayed. With the value SERVER,
the data of the directory server used for the ongoing directory
operations is displayed.
The parameter is obligatory.
Examples
1. Display all the configuration data.
IAV:TYPE=ALL:COM;
dn9815537Issue 21-0 en
# Nokia CorporationNokia Proprietary and Confidential
79 (84)
IAV: INTERROGATE DIRECTORY CLIENT CONFIGURATION DATA
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 80/84
Execution printouts
The following abbreviations are used in the execution printout:
IP ADDRESS IP address of the directory server
PORT Port of the directory server
BASE ENTRY Base entry used for the directory operations
The execution printout of command example 1 is as follows:
P R I M A RY L D A P D I R E C TO R Y
=======================
I P A D D R E SS : 1 3 9 . 1 6 5. 1 0 . 1
PORT N BR: 389
D N P A T HS
B A S E E N T R Y :
dc=nokia,dc=com
CONFIGURATION:
c n = p r im a r y , o u = L d a pC o n f i gu r a t i on D a t a , d c = n o ki a , d c = co m
N E T Y P E:
o u = I P A2 8 0 0 , o u = A u t ho r i z a ti o n , d c = n o ki a , d c = co m
A C C E S S L I S T :
o u = N e Ac c e s s Se t , o u = A ut h o r i za t i o n , d c = n o k ia , d c = c om
PRINCIPALS:
o u = P r in c i p a lS e t , o u = A u t ho r i z a t io n , d c = n o ki a , d c = co m
S E C O N DA R Y L D A P D I R E C TO R Y
=========================
I P A D D R E SS : 1 3 9 . 1 6 5. 1 0 . 2
PORT N BR: 389
D N P A T HS
B A S E E N T R Y :
dc=nokia,dc=com
CONFIGURATION:c n = p r im a r y , o u = L d a pC o n f i gu r a t i on D a t a , d c = n o ki a , d c = co m
N E T Y P E:
o u = I P A2 8 0 0 , o u = A u t ho r i z a ti o n , d c = n o ki a , d c = co m
A C C E S S L I S T :
o u = N e Ac c e s s Se t , o u = A ut h o r i za t i o n , d c = n o k ia , d c = c om
PRINCIPALS:
o u = P r in c i p a lS e t , o u = A u t ho r i z a t io n , d c = n o ki a , d c = co m
80 (84) # Nokia CorporationNokia Proprietary and Confidential
dn9815537Issue 21-0 en
IA - MMI System Authority Handling
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 81/84
F E A T U RE A C T I V AT I O N S T A T U S
==========================
D I R E C TO R Y C L I E N T A C T I V A T I O N S T A T U S : A C T I V E
C E N T R AL I Z E D U S E R A U T H E NT I C A T IO N A N D A U T H O R IZ A T I O N S T A T U S : A C T I VE
C O M M A ND E X E C U TE D
ZIAV:TYPE=ALL:LIM;
P R I M A RY L D A P D I R E C TO R Y
=======================
I P A D D R E SS : 1 3 9 . 1 65 . 1 0 . 1
PORT NBR: 3 89
S E C O N DA R Y L D A P D I R E C TO R Y=========================
I P A D D R E SS : 1 3 9 . 1 65 . 1 0 . 2
PORT NBR: 3 89
F E A T U RE A C T I V AT I O N S T A T U S
==========================
D I R E C TO R Y C L I E N T A C T I V A T I O N S T A T U S : A C T I V E
C E N T R AL I Z E D U S E R A U T H E NT I C A T IO N A N D A U T H O R IZ A T I O N S T A T U S : A C T I VE
C O M M A ND E X E C U TE D
Semantic error messages
If an error occurs, the system outputs a general MML semantic error message.
Execution error messages
If an error occurs, the system outputs a general MML execution error message.
dn9815537Issue 21-0 en
# Nokia CorporationNokia Proprietary and Confidential
81 (84)
IAV: INTERROGATE DIRECTORY CLIENT CONFIGURATION DATA
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 82/84
82 (84) # Nokia CorporationNokia Proprietary and Confidential
dn9815537Issue 21-0 en
IA - MMI System Authority Handling
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 83/84
21 IAN: CONFIGURE CENTRALISED USER
AUTHENTICATION AND
AUTHORIZATION
Function
Use this command to configure centralised user authentication.
Parameters
centralised authentication;
Syntax
IAN : ( ON | O FF ) ;
Parameter explanations
centralised authentication
The centralised user authentication is either enabled or
disabled.
The status of the operation is promted.
Examples
1. Centralised user authentication is enabled.
IAN:ON;
2. Centralised user authentication is disabled.
IAN:OFF;
Semantic error messages
If an error occurs, the system outputs a general MML semantic error message.
dn9815537Issue 21-0 en
# Nokia CorporationNokia Proprietary and Confidential
83 (84)
IAN: CONFIGURE CENTRALISED USER AUTHENTICATION AND AUTHORIZATION
8/3/2019 Zia - Mmi System Authority Handling
http://slidepdf.com/reader/full/zia-mmi-system-authority-handling 84/84
Execution error messages
If an error occurs, the system outputs a general MML execution error message.
IA - MMI System Authority Handling