Configuring Command Authorization; Configuration Procedure - HP FlexFabric 7900 Series Configuration Manual

[Sysname-acl-basic-2000] rule 2 permit source 10.110.100.46 0
[Sysname-acl-basic-2000] quit
# Associate the ACL with the SNMP community and the SNMP group.
[Sysname] snmp-agent community read aaa acl 2000
[Sysname] snmp-agent group v2c groupa acl 2000
[Sysname] snmp-agent usm-user v2c usera groupa acl 2000

Configuring command authorization

By default, commands are available for a user depending only on that user's user roles. When the
authentication mode is scheme, you can configure the command authorization function to further control
access to commands.
After you enable command authorization, a command is available for a user only if the user has the
commensurate user role and is authorized to use the command by the AAA scheme.
This section provides the procedure for configuring command authorization. To make the command
authorization function take effect, you must configure a command authorization method in ISP domain
view. For more information, see Security Configuration Guide.

Configuration procedure

To configure command authorization:
Step
1. Enter system view.
2. Enter user line view or
user line class view.
Command
system-view
•
To enter user line view:
line { first-number1
[ last-number1 ] | { aux | vty }
first-number2 [ last-number2 ] }
•
To enter user line class view:
line class { aux | vty }
41
Remarks
N/A
Use either command.
A setting in user line view is applied only to
the user line. A setting in user line class
view is applied to all user lines of the class.
A non-default setting in either view takes
precedence over a default setting in the
other view. A non-default setting in user
line view takes precedence over a
non-default setting in user line class view.
A setting in user line view takes effect
immediately and affects the online user. A
setting in user line class view does not
affect online users and takes effect only for
users who log in after the configuration is
completed.