Comment: extended docs slightly to spell out oprbac_admin relative updates with += and -=

...

Usage: oprbac_admin.pl act=[action to take] [extras...]

oprbac_admin.pl act=list-{users|roles|privs|objects} [verbose=0]
verbose: include data beyond name and description

oprbac_admin.pl act=export-{user|role|priv|object} {name=...|path=...} [file=path]
file: save JSON to file, otherwise printed to STDOUT.

oprbac_admin.pl act=delete-{user|role|priv|object} {name=...|path=...} 
deletes the indicated record.

oprbac_admin.pl act={create|update}-{user|role|priv|object} [name=...] [description=...] [property.zyxxyz=...] [file=path]
file: read JSON from file and update record with that data.
property: each property value can be a deeper structure encoded in JSON, set to 'undef' if property no longer wanted

oprbac_admin.pl act=update-user {name=...} [roles|privileges][=|+=|-=]name[,...]
oprbac_admin.pl act=update-role {name=...} privileges[=|+=|-=]name[,...]
= replaces, += adds and -= removes the named roles or privileges. comma-separated lists of names are supported.

oprbac_admin.pl act=check-access user=userX action=actionY object=pathZ 
 [verbose=0]
returns 1 if the user is authorized to perform the given action.

oprbac_admin.pl act=prune-orphans
removes unused orphaned privilege entries.

...

In the GUI you should now see that group “Branches” has a new role listed with read permissions. The privilege “group_branches_read” could be used for access to other objects as well.

oprbac_admin.pl also allows updates, so if the role in question already exists and you want to add a new privilege, just use act=update-role and either set or add the new privilege (with privileges=<newpriv> or privileges+=<newpriv>, respectively).
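The difference between = and += matters for least privilege: = replaces the whole list, so anything not named is dropped. The sketch below is an added example, not code from oprbac_admin.pl; it models the documented =, += and -= semantics so an update argument can be previewed before it is run. The function names, the privilege names other than group_branches_read, and the rejection of an empty name list are assumptions.

```python
import re

# Documented form: roles|privileges, then =, += or -=, then comma-separated names.
_ARG = re.compile(r"^(roles|privileges)(\+=|-=|=)(.*)$")


def parse_update(arg):
    """Split e.g. 'privileges+=a,b' into (field, operator, [names])."""
    m = _ARG.match(arg)
    if not m:
        raise ValueError(f"not a roles/privileges update: {arg!r}")
    field, op, raw = m.groups()
    names = [n.strip() for n in raw.split(",") if n.strip()]
    if not names:
        # Assumption: this sketch rejects an empty list rather than guess
        # how the real tool treats it.
        raise ValueError(f"no names given in {arg!r}")
    return field, op, names


def preview(current, arg):
    """Return (result, added, dropped) for one update argument.

    current: names held now (constructed input, e.g. taken from an export).
    """
    _, op, names = parse_update(arg)
    if op == "=":            # replace the whole list
        result = list(dict.fromkeys(names))
    elif op == "+=":         # keep existing entries, append new ones
        result = list(dict.fromkeys(list(current) + names))
    else:                    # "-=": remove only the named entries
        result = [n for n in current if n not in names]
    added = [n for n in result if n not in current]
    dropped = [n for n in current if n not in result]
    return result, added, dropped


if __name__ == "__main__":
    # Constructed sample: only group_branches_read appears on the page.
    held = ["group_branches_read", "group_hq_read"]
    for arg in ("privileges=group_core_read",
                "privileges+=group_core_read",
                "privileges-=group_hq_read"):
        result, added, dropped = preview(held, arg)
        print(f"{arg}\n  result={result}\n  added={added} dropped={dropped}")
```

A non-empty dropped list on an = update is the case to review before running the real command.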

Add or edit Role properties (opCharts 3.0.7 and later)

...