create_role

Creates a new Enterprise Manager admininistrator role.

Standard Mode

emcli create_role
        -name="role_name"
        [-type="type_of_role"]
        [-description="description"]
        [-roles="role1;role2;..."]
        [-users="user1;user2;..."]
        [-privilege="name[;secure_resource_details]]"
        [-separator=privilege="sep_string"]
        [-subseparator=privilege="subsep_string"]

[ ]  indicates that the parameter is optional

Interactive or Script Mode

create_role
        (name="role_name"
        [,type="type_of_role"]
        [,description="description"]
        [,roles="role1;role2;..."]
        [,users="user1;user2;..."]
        [,privilege="name[;secure_resource_details]]"
        [,separator=privilege="sep_string"]
        [,subseparator=privilege="subsep_string"]
        )

[ ]  indicates that the parameter is optional

Options

  • name

    Role name.

  • type

    Type of role. The default value for this option is EM_ROLE. Other possible values for this parameter are EM_ROLE and EXTERNAL_ROLE.

  • description

    Description of the role.

  • roles

    List of roles to assign to this new role. Currently, the only built-in role is PUBLIC.

  • users

    List of users to whom this role is assigned. If the role must be granted with the WITH_ADMIN option, include the <subseparator:>WITH_ADMIN option.

  • privilege

    Privilege to grant to this role. You can specify this option more than once. Note: Privileges are case-insensitive.

    Specify <secure_resource_details> as follows:

    resource_guid|[resource_column_name1=resource_column_value1[:resource_column_name2=resource_column_value2]..]"

    To get the list of SYSTEM privileges, which do not require resource information, execute the following emcli command:

    emcli get_supported_privileges -type=SYSTEM

    To get the complete list of privileges and resource column names, execute the following emcli command:

    emcli get_supported_privileges

    To get the list of target type privileges, execute the following emcli command:

    emcli get_supported_privileges -type=TARGET

    To get the list of job privileges, execute the following emcli command:

    emcli get_supported_privileges -type=JOB

  • separator

    Specify a string delimiter to use between name-value pairs for the value of the privilege option. The default separator delimiter is ";" .

    For example: separator="<attribute_name=sep_char>"

    where attribute_name is the name of the attribute for which you want to override the separator character and sep_char is the new separator character: separator="att=#"

  • subseparator

    Specify a string delimiter to use between name and value in each name-value pair for the value of the privilege option. The default separator delimiter is ";" .

    For example: subseparator="<attribute_name=sep_char>"

    where attribute_name is the name of the attribute for which you want to override the separator character and sep_char is the new subseparator character: subseparator="att=#"

    For information about overriding the separator or subseparator, see "Overriding the Separator and Subseparator".

Examples

These examples create a role named my_new_role with the one-sentence description - "This is a new role called my_new_role". The role combines three existing roles: role1, role2, and role3. The role also has two added privileges: to view the job with ID 923470234ABCDFE23018494753091111 and to view the target host1.example.com:host. The role is granted to johndoe and janedoe.

Example 1 - Command-Line

emcli create_role
      -name="my_new_role"
      -desc="This is a new role called my_new_role"
      -roles="role1;role2;role3"
      -privilege="view_job;923470234ABCDFE23018494753091111"
      -privilege="view_target;host1.example.com:host"
      -users="johndoe;janedoe"

Example 2 - Scripting and Interactive

create_role
      (name="my_new_role"
      ,desc="This is a new role called my_new_role"
      ,roles="role1;role2;role3"
      ,privilege="view_job;923470234ABCDFE23018494753091111"
      ,privilege="view_target;host1.example.com:host"
      ,users="johndoe;janedoe")

These examples create a role named my_external_role with a role type of EXTERNAL_ROLE and one-sentence description of "This is an external role."

Example 3 - Command-Line

emcli create_role
      -name="my_external_role"
      -type="EXTERNAL_ROLE"
      -desc="This is an external role"

Example 4 - Scripting and Interactive

create_role
      (name="my_external_role"
      ,type="EXTERNAL_ROLE"
      ,desc="This is an external role")