DataPower RBM Best Practice Template

 
<?xml version="1.0" encoding="UTF-8"?>

<rbm-templates>
    <!--
      Role templates for DataPower role-based management (RBM). Each
      rbm-template is one role; a role name may appear twice, once with
      privileged="false" and once with privileged="true".

      Every access-policy has three slash-separated segments followed by
      ?Access=<permissions>. In DataPower access profiles the segments are
      device address / application domain / resource type, and the letters
      stand for r=read, w=write, a=add, d=delete, x=execute. NONE denies.

      In this file the non-privileged variants put DOMAIN_ID in the domain
      segment and the privileged variants put * there, so a privileged role
      applies to every domain. DOMAIN_ID is presumably a placeholder that is
      replaced with a real domain name before use; confirm against the
      consuming tool.

      NOTE(review): native DataPower profiles write permissions as
      r+w+a+d+x. Confirm that whatever consumes this template expands the
      compact "rwadx" form, otherwise entries may not grant what they appear
      to grant.

      NOTE(review): several roles start from a wildcard entry and then list
      narrower entries. That only restricts anything if the more specific
      entry takes precedence over the wildcard; verify this on the target
      firmware before relying on a NONE or read-only line.

      NOTE(review): login/telnet and mgmt/telnet appear in several roles.
      Telnet carries credentials and session data in cleartext; where the
      service is not needed, drop those entries and keep it disabled.
    -->
    <!-- developer, single domain: full rights on every resource type in the
         domain. No narrower entries follow, so nothing in the domain is
         held back from this role. -->
    <rbm-template name="developer" privileged="false">
        <access-policy>*/DOMAIN_ID/*?Access=rwadx</access-policy>
    </rbm-template>
    <!-- developer, all domains: wildcard full rights, then a list of
         resources narrowed to read-only, execute-only or NONE. Anything not
         listed below (for example the mgmt/ and login/ resources that other
         roles name) stays under the rwadx wildcard; review whether that
         breadth is intended for a developer role. -->
    <rbm-template name="developer" privileged="true">
        <access-policy>*/*/*?Access=rwadx</access-policy>
        <access-policy>*/*/access/change-password?Access=x</access-policy>
        <!-- user, group and RBM settings are read-only for developers -->
        <access-policy>*/*/access/radius?Access=r</access-policy>
        <access-policy>*/*/access/rbm?Access=r</access-policy>
        <access-policy>*/*/access/snmp?Access=r</access-policy>
        <access-policy>*/*/access/usergroup?Access=r</access-policy>
        <access-policy>*/*/access/username?Access=r</access-policy>
        <access-policy>*/*/config/domain?Access=r</access-policy>
        <access-policy>*/*/config/save-config?Access=x</access-policy>
        <!-- explicit denies: firmware patching and device shutdown -->
        <access-policy>*/*/device/apply-patch?Access=NONE</access-policy>
        <access-policy>*/*/device/shutdown?Access=NONE</access-policy>
        <access-policy>*/*/file/store?Access=r</access-policy>
        <!-- network and system settings are read-only -->
        <access-policy>*/*/network/dns?Access=r</access-policy>
        <access-policy>*/*/network/interface?Access=r</access-policy>
        <access-policy>*/*/network/network?Access=r</access-policy>
        <access-policy>*/*/network/ntp-service?Access=r</access-policy>
        <access-policy>*/*/system/failure-notification?Access=r</access-policy>
        <access-policy>*/*/system/system?Access=r</access-policy>
    </rbm-template>    

    <!-- guest, single domain: read-only on the domain plus the right to
         change a password. -->
    <rbm-template name="guest" privileged="false">
        <access-policy>*/DOMAIN_ID/*?Access=r</access-policy>
        <access-policy>*/DOMAIN_ID/access/change-password?Access=x</access-policy>
    </rbm-template>
    
    <!-- guest, all domains: read-only everywhere. The wildcard read has no
         carve-outs, so it also covers the access/ resources (users, groups,
         RBM settings); check that read access to those is acceptable for a
         guest account. -->
    <rbm-template name="guest" privileged="true">
        <access-policy>*/*/*?Access=r</access-policy>
        <access-policy>*/*/access/change-password?Access=x</access-policy>
    </rbm-template>
    
    <!-- backup, single domain: no wildcard entry, only the backup and
         checkpoint actions, three login channels and read access to
         checkpoint status. rollback-chkpoint is granted as well, so this
         role can presumably revert configuration, not just save it. -->
    <rbm-template name="backup" privileged="false">
        <access-policy>*/DOMAIN_ID/access/change-password?Access=x</access-policy>
        <access-policy>*/DOMAIN_ID/config/backup?Access=x</access-policy>
        <access-policy>*/DOMAIN_ID/config/remove-chkpoint?Access=x</access-policy>
        <access-policy>*/DOMAIN_ID/config/rollback-chkpoint?Access=x</access-policy>
        <access-policy>*/DOMAIN_ID/config/save-chkpoint?Access=x</access-policy>
        <access-policy>*/DOMAIN_ID/login/ssh?Access=x</access-policy>
        <!-- cleartext channel; see the telnet note at the top of the file -->
        <access-policy>*/DOMAIN_ID/login/telnet?Access=x</access-policy>
        <access-policy>*/DOMAIN_ID/login/web-mgmt?Access=x</access-policy>
        <access-policy>*/DOMAIN_ID/status/chkpoints?Access=r</access-policy>
    </rbm-template>
    <!-- backup, all domains: same entries as the single-domain variant with
         the domain segment widened to *. -->
    <rbm-template name="backup" privileged="true">
        <access-policy>*/*/access/change-password?Access=x</access-policy>
        <access-policy>*/*/config/backup?Access=x</access-policy>
        <access-policy>*/*/config/remove-chkpoint?Access=x</access-policy>
        <access-policy>*/*/config/rollback-chkpoint?Access=x</access-policy>
        <access-policy>*/*/config/save-chkpoint?Access=x</access-policy>
        <access-policy>*/*/login/ssh?Access=x</access-policy>
        <!-- cleartext channel; see the telnet note at the top of the file -->
        <access-policy>*/*/login/telnet?Access=x</access-policy>
        <access-policy>*/*/login/web-mgmt?Access=x</access-policy>
        <access-policy>*/*/status/chkpoints?Access=r</access-policy>
    </rbm-template>
    
    <!-- access: administers authentication and authorisation settings
         (RADIUS, RBM, user groups, users), domains and the management
         interfaces. Holders can change who may log in and with what rights,
         so membership of this role should be tightly controlled and its
         changes logged. -->
    <rbm-template name="access" privileged="true">
        <access-policy>*/*/access/change-password?Access=x</access-policy>
        <access-policy>*/*/access/radius?Access=rwad</access-policy>
        <access-policy>*/*/access/rbm?Access=rw</access-policy>
        <access-policy>*/*/access/usergroup?Access=rwad</access-policy>
        <access-policy>*/*/access/username?Access=rwad</access-policy>
        <access-policy>*/*/config/domain?Access=rw</access-policy>
        <access-policy>*/*/config/save-config?Access=x</access-policy>
        <access-policy>*/*/debug/set-loglevel?Access=x</access-policy>
        <access-policy>*/*/debug/set-rbmlog?Access=x</access-policy>
        <access-policy>*/*/login/ssh?Access=x</access-policy>
        <!-- cleartext channel; see the telnet note at the top of the file -->
        <access-policy>*/*/login/telnet?Access=x</access-policy>
        <access-policy>*/*/login/web-mgmt?Access=x</access-policy>
        <access-policy>*/*/mgmt/ssh?Access=rw</access-policy>
        <!-- the only mgmt/ entry with add/delete; the others are rw -->
        <access-policy>*/*/mgmt/telnet?Access=rwad</access-policy>
        <access-policy>*/*/mgmt/web-mgmt?Access=rw</access-policy>
        <access-policy>*/*/mgmt/xml-mgmt?Access=rw</access-policy>
    </rbm-template>

    <!-- account: manages users and user groups. The AccessLevel=privileged
         entry with NONE looks intended to stop this role from touching
         privileged user accounts.
         NOTE(review): usergroup is granted rwadx with no matching
         restriction. If editing a group includes editing its access
         profile, an account manager could widen a group's rights,
         including a group they belong to; confirm this and restrict it if
         so. -->
    <rbm-template name="account" privileged="true">
        <access-policy>*/*/access/change-password?Access=x</access-policy>
        <access-policy>*/*/access/usergroup?Access=rwadx</access-policy>
        <access-policy>*/*/access/username?Access=rwadx</access-policy>
        <access-policy>*/*/access/username?AccessLevel=privileged&amp;Access=NONE</access-policy>
        <access-policy>*/*/config/save-config?Access=x</access-policy>
        <access-policy>*/*/debug/set-loglevel?Access=x</access-policy>
        <access-policy>*/*/debug/set-rbmlog?Access=x</access-policy>
        <access-policy>*/*/login/ssh?Access=x</access-policy>
        <!-- cleartext channel; see the telnet note at the top of the file -->
        <access-policy>*/*/login/telnet?Access=x</access-policy>
        <access-policy>*/*/login/web-mgmt?Access=x</access-policy>
    </rbm-template>

    <!-- netadmin: network, management-interface, SNMP and system settings,
         checkpoints, debug actions, and the device-level apply-patch and
         shutdown actions that the privileged developer role is denied.
         This is the only role here that lists login/xml-mgmt.
         NOTE(review): debug/packet-capture presumably exposes traffic
         crossing the appliance; treat captures as sensitive data. -->
    <rbm-template name="netadmin" privileged="true">
        <access-policy>*/*/access/change-password?Access=x</access-policy>
        <access-policy>*/*/access/snmp?Access=rw</access-policy>
        <access-policy>*/*/config/remove-chkpoint?Access=x</access-policy>
        <access-policy>*/*/config/rollback-chkpoint?Access=x</access-policy>
        <access-policy>*/*/config/save-chkpoint?Access=x</access-policy>
        <access-policy>*/*/config/save-config?Access=x</access-policy>
        <access-policy>*/*/debug/error-report?Access=x</access-policy>
        <access-policy>*/*/debug/packet-capture?Access=x</access-policy>
        <access-policy>*/*/debug/ping?Access=x</access-policy>
        <access-policy>*/*/debug/set-loglevel?Access=x</access-policy>
        <access-policy>*/*/device/apply-patch?Access=x</access-policy>
        <access-policy>*/*/device/shutdown?Access=x</access-policy>
        <access-policy>*/*/login/ssh?Access=x</access-policy>
        <!-- cleartext channel; see the telnet note at the top of the file -->
        <access-policy>*/*/login/telnet?Access=x</access-policy>
        <access-policy>*/*/login/web-mgmt?Access=x</access-policy>
        <access-policy>*/*/login/xml-mgmt?Access=x</access-policy>
        <access-policy>*/*/mgmt/ssh?Access=rw</access-policy>
        <access-policy>*/*/mgmt/telnet?Access=rwad</access-policy>
        <access-policy>*/*/mgmt/web-mgmt?Access=rw</access-policy>
        <access-policy>*/*/mgmt/xml-mgmt?Access=rw</access-policy>
        <access-policy>*/*/network/dns?Access=rw</access-policy>
        <access-policy>*/*/network/host-alias?Access=rwad</access-policy>
        <access-policy>*/*/network/interface?Access=rwad</access-policy>
        <access-policy>*/*/network/loadbalancer-group?Access=rwad</access-policy>
        <access-policy>*/*/network/network?Access=rw</access-policy>
        <access-policy>*/*/network/ntp-service?Access=rw</access-policy>
        <access-policy>*/*/network/user-agent?Access=rwad</access-policy>
        <!-- read-only status providers -->
        <access-policy>*/*/status/arp?Access=r</access-policy>
        <access-policy>*/*/status/chkpoints?Access=r</access-policy>
        <access-policy>*/*/status/dns-name-server?Access=r</access-policy>
        <access-policy>*/*/status/dns-search-domain?Access=r</access-policy>
        <access-policy>*/*/status/dns-static-host?Access=r</access-policy>
        <access-policy>*/*/status/interface?Access=r</access-policy>
        <access-policy>*/*/status/mq?Access=r</access-policy>
        <access-policy>*/*/status/object-status?Access=r</access-policy>
        <access-policy>*/*/status/routing?Access=r</access-policy>
        <access-policy>*/*/status/standby?Access=r</access-policy>
        <access-policy>*/*/system/failure-notification?Access=rw</access-policy>
        <access-policy>*/*/system/system?Access=rw</access-policy>
    </rbm-template>
    
    <!-- sysadmin: full rights on everything in every domain, with file/store
         and network/interface narrowed to read-only. Unlike the privileged
         developer role, nothing under access/ or device/ is restricted, so
         this role can manage users and RBM as well as patch and shut down
         the device. -->
    <rbm-template name="sysadmin" privileged="true">
        <access-policy>*/*/*?Access=rwadx</access-policy>
        <access-policy>*/*/file/store?Access=r</access-policy>
        <access-policy>*/*/network/interface?Access=r</access-policy>
    </rbm-template>
</rbm-templates>
