Rule - Cisco AP775A - Nexus Converged Network Switch 5010 Command Reference Manual

Chapter 6 Security Commands
S e n d c o m m e n t s t o n x 5 0 0 0 - d o c f e e d b a c k @ c i s c o . c o m

rule

To configure rules for a user role, use the rule command. To delete a rule, use the no form of this
command.
Syntax Description
number
deny
permit
command
command-string
read
read-write
feature feature-name
feature-group
group-name
Command Default None
Command Modes
User role configuration.
Command History Release
4.0(0)N1(1a)
Usage Guidelines You can configure up to 256 rules for each role.
The rule number that you specify determines the order in which the rules are applied. Rules are applied
in descending order. For example, if a role has three rules, rule 3 is applied before rule 2, which is applied
before rule 1.
Examples This example shows how to add rules to a user role:
switch(config)# role MyRole
switch(config-role)# rule 1 deny command clear users
switch(config-role)# rule 1 permit read-write feature-group L3
OL-16599-01
rule number {deny | permit} {command command-string | {read | read-write} [feature
feature-name | feature-group group-name]}
no rule number
Sequence number for the rule. The switch applies the rule with the highest
value first and then the rest in descending order.
Denies access to commands or features.
Permits access to commands or features.
Specifies a command string.
Specifies read access.
Specifies read and write access.
(Optional) Specifies a feature name. Use the show role feature command to
list the switch feature names.
(Optional) Specifies a feature group.
Modification
This command was introduced.
Cisco Nexus 5000 Series Command Reference
rule
6-93