modify_role

Modifies an existing Enterprise Manager administrator role.

Note:

To leave a current value unchanged, do not include the corresponding argument. For example, if you are not modifying the role's description, do not include -description.

To update a role and add targets to the role, use the grant_privs verb.

Format

emcli modify_role
      -name="role_name"
      [-description="description"]
      [-roles="role1;role2;..."]
      [-privilege="name[;secure-resource-details]]"
      [-separator=privilege="sep_string"]
      [-subseparator=privilege="subsep_string"]
      [-users="user1;user2;..."]

[ ]  indicates that the parameter is optional

Options

  • name

    The name of the role to modify.

  • description

    The updated description of the role.

  • roles

    A list of roles to assign to the specified role. Currently, "PUBLIC" is the only built-in role.

  • privilege

    A privilege to grant to this role. This option may be specified more than once. Note that privilege names are case-insensitive. Specify <secure_resource_details> as follows:

    resource_guid|[resource_column_name1=resource_column_value1[:resource_column_name2=resource_column_value2]..]"

    Note: Privileges are case-insensitive.

    To retrieve the list SYSTEM privileges, which do not require resource information, execute the following emcli command:

    emcli get_supported_privileges -type=SYSTEM

    To retrieve the complete list of privileges and resource column names, execute the following emcli command:

    emcli get_supported_privileges

    To retrieve the list of target type privileges, execute the following emcli command

    emcli get_supported_privileges -type=TARGET

    To get the list of job privileges, execute the following emcli command

    emcli get_supported_privileges -type=JOB

  • separator

    Specify a string delimiter to use between name-value pairs for the value of the -privilege option. The default separator delimiter is a semi-colon ( ; ).

  • subseparator

    Specify a string delimiter to use between name and value in each name-value pair for the value of the -privilege option. The default subseparator delimiter is a colon ( : ).

  • users

    A list of users to whom this role is assigned. <subseparator:>WITH_ADMIN should be suffixed if the role needs to granted by WITH_ADMIN option.

Exit Codes

0 if successful. A non-zero value indicates that verb processing was unsuccessful.

Examples

Example 1

This example modifies a role named existing_role with the one-sentence description "This role was changed." The role combines three existing roles: role1, role2, and role3. The role also has two added privileges: to view the job with ID 923470234ABCDFE23018494753091111 and to view the target host1.example.com:host. The role is granted to johndoe and janedoe. 

emcli modify_role
      -name="existing_role"
      -desc="This role was changed"
      -roles="role1;role2;role3"
      -privilege="view_job;923470234ABCDFE23018494753091111"
      -privilege="view_target;host1.example.com:host"
      -users="johndoe;janedoe"

Example 2

This example modifies a role named existing_role by assigning role4, role5, and role6 to it. The description, privileges, and users associated with this role remain unchanged. 

emcli modify_role
      -name="existing_role"
      -roles="role4;role5;role6"