modify_role
Modifies an existing Enterprise Manager administrator role.
Note:
To leave a current value unchanged, do not include the corresponding argument. For example, if you are not modifying the role's description, do not include -description
.
To update a role and add targets to the role, use the grant_privs verb.
Format
emcli modify_role -name="role_name" [-description="description"] [-roles="role1;role2;..."] [-privilege="name[;secure-resource-details]]" [-separator=privilege="sep_string"] [-subseparator=privilege="subsep_string"] [-users="user1;user2;..."] [ ] indicates that the parameter is optional
Options
-
name
The name of the role to modify.
-
description
The updated description of the role.
-
roles
A list of roles to assign to the specified role. Currently, "PUBLIC" is the only built-in role.
-
privilege
A privilege to grant to this role. This option may be specified more than once. Note that privilege names are case-insensitive. Specify <secure_resource_details> as follows:
resource_guid|[resource_column_name1=resource_column_value1[:resource_column_name2=resource_column_value2]..]"
Note: Privileges are case-insensitive.
To retrieve the list SYSTEM privileges, which do not require resource information, execute the following emcli command:
emcli get_supported_privileges -type=SYSTEM
To retrieve the complete list of privileges and resource column names, execute the following emcli command:
emcli get_supported_privileges
To retrieve the list of target type privileges, execute the following emcli command
emcli get_supported_privileges -type=TARGET
To get the list of job privileges, execute the following emcli command
emcli get_supported_privileges -type=JOB
-
separator
Specify a string delimiter to use between name-value pairs for the value of the -privilege option. The default separator delimiter is a semi-colon ( ; ).
-
subseparator
Specify a string delimiter to use between name and value in each name-value pair for the value of the -privilege option. The default subseparator delimiter is a colon ( : ).
-
users
A list of users to whom this role is assigned. <subseparator:>WITH_ADMIN should be suffixed if the role needs to granted by WITH_ADMIN option.
Exit Codes
0 if successful. A non-zero value indicates that verb processing was unsuccessful.
Examples
Example 1
This example modifies a role named existing_role
with the one-sentence description "This role was changed
." The role combines three existing roles: role1
, role2
, and role3
. The role also has two added privileges: to view the job with ID 923470234ABCDFE23018494753091111
and to view the target host1.example.com:host
. The role is granted to johndoe
and janedoe
.
emcli modify_role -name="existing_role" -desc="This role was changed" -roles="role1;role2;role3" -privilege="view_job;923470234ABCDFE23018494753091111" -privilege="view_target;host1.example.com:host" -users="johndoe;janedoe"
Example 2
This example modifies a role named existing_role
by assigning role4
, role5
, and role6
to it. The description, privileges, and users associated with this role remain unchanged.
emcli modify_role -name="existing_role" -roles="role4;role5;role6"