Permit Security-Zone - HPE D6020 Maintenance And Service Manual


# Permit user role role1 to execute all commands available in interface view and VLAN view.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] rule 1 permit command system-view ; interface *
[Sysname-role-role1] rule 2 permit command system-view ; vlan *
# Permit the user role to access GigabitEthernet 1/0/1 and GigabitEthernet 1/0/5 to GigabitEthernet 1/0/7.
[Sysname-role-role1] interface policy deny
[Sysname-role-role1-ifpolicy] permit interface gigabitethernet 1/0/1 gigabitethernet 1/0/5 to gigabitethernet 1/0/7
[Sysname-role-role1-ifpolicy] quit
[Sysname-role-role1] quit
2. Verify that you cannot use the user role to work on any interfaces except for GigabitEthernet 1/0/1 and GigabitEthernet 1/0/5 to GigabitEthernet 1/0/7:
# Verify that you can enter GigabitEthernet 1/0/1 interface view.
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] quit
# Verify that you can assign GigabitEthernet 1/0/5 to VLAN 10. In this example, the user role can access all VLANs because the default VLAN policy of the user role is used.
[Sysname] vlan 10
[Sysname-vlan10] port gigabitethernet 1/0/5
[Sysname-vlan10] quit
# Verify that you cannot enter GigabitEthernet 1/0/2 interface view.
[Sysname] interface gigabitethernet 1/0/2
Permission denied.
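
The deny-by-default interface policy above can be checked offline before it is applied. The following Python is an added example, not part of the HPE manual: it reads the role1 session shown on this page and answers whether the role can reach a given interface. The function names, the restriction that a range varies only in its last index, and the treatment of a role with no interface policy as unrestricted are assumptions of this example.

```python
import re

# Constructed input: the role1 session from this page, wrapped line joined.
SESSION = """\
[Sysname] role name role1
[Sysname-role-role1] interface policy deny
[Sysname-role-role1-ifpolicy] permit interface gigabitethernet 1/0/1 gigabitethernet 1/0/5 to gigabitethernet 1/0/7
"""
TOKEN = re.compile(r"(?P<to>\bto\b)|(?P<type>[a-z][a-z-]*)\s*(?P<num>\d+(?:/\d+)*)", re.I)
PROMPT = re.compile(r"^[<\[][^>\]]*[>\]]\s*")

def _key(m):  # ('gigabitethernet', (1, 0, 5)): case and spacing do not matter
    return m.group("type").lower(), tuple(int(n) for n in m.group("num").split("/"))

def expand(arg):
    """Expand the argument of 'permit interface', including 'A to B' ranges."""
    out, prev, ranging = set(), None, False
    for m in TOKEN.finditer(arg):
        if not m.group("to"):
            cur = _key(m)
            first = cur[1][-1]
            if ranging:
                # Assumption: a range keeps one type and varies only in the last index.
                if prev is None or (cur[0], cur[1][:-1]) != (prev[0], prev[1][:-1]):
                    raise ValueError(f"unsupported range in {arg!r}")
                first = prev[1][-1]
            out |= {(cur[0], cur[1][:-1] + (i,)) for i in range(first, cur[1][-1] + 1)}
            prev = cur
        ranging = bool(m.group("to"))
    return out

def parse_interface_policies(text):
    """Map role -> permitted interfaces; None = no interface policy (assumed unrestricted)."""
    roles, role = {}, None
    for line in text.splitlines():
        line = PROMPT.sub("", line.strip())
        if line.startswith("role name "):
            role = line.split()[2]
            roles.setdefault(role)
        elif role and line == "interface policy deny":
            roles[role] = roles[role] or set()
        elif role and roles[role] is not None and line.startswith("permit interface "):
            roles[role] |= expand(line[len("permit interface "):])
    return roles

def may_access(roles, role, ifname):
    m = TOKEN.fullmatch(ifname.strip())
    if not m or m.group("to"):
        raise ValueError(f"unrecognised interface name: {ifname!r}")
    return roles[role] is None or _key(m) in roles[role]
```

Calling may_access(parse_interface_policies(SESSION), "role1", "gigabitethernet 1/0/2") reproduces the "Permission denied." outcome of the verification step as a False result.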
Related commands
display role
interface policy deny
role

permit security-zone

Use permit security-zone to configure a list of security zones accessible to a user role.
Use undo permit security-zone to remove the permission for a user role to access specific security zones.
Syntax
permit security-zone security-zone-name&<1-10>
undo permit security-zone [ security-zone-name&<1-10> ]
Default
No permitted security zones are configured in user role security zone policy view.
Views
User role security zone policy view
Predefined user roles
network-admin