Step
Add a feature to the
3.
feature group.
Configuring resource access policies
Every user role has one interface policy, VLAN policy, and VPN instance policy. By default, these
policies permit a user role to access any interface, VLAN, and VPN instance. You can configure the
policies of a user-defined user role or a predefined level-n user role to limit its access to interfaces,
VLANs, and VPN instances. The policy configuration takes effect only on users who are logged in
with the user role after the configuration.
Configuring the user role interface policy
Step
Enter system view.
1.
Enter user role view.
2.
Enter user role interface
3.
policy view.
(Optional.) Specify a list of
4.
interfaces accessible to
the user role.
Configuring the user role VLAN policy
Step
Enter system view.
1.
Enter user role view.
2.
Command
feature feature-name
Command
system-view
role name role-name
interface policy deny
permit interface interface-list
Command
system-view
role name role-name
23
Remarks
By default, a feature group does not have
any feature.
Repeat this step to add multiple features to
the feature group.
IMPORTANT:
You can specify only features available in
the system. Enter feature names the same
as the feature names are displayed,
including the case.
Remarks
N/A
N/A
By default, the interface policy of the
user role permits access to all
interfaces.
This command denies the access of
the user role to all interfaces if the
permit interface command is not
configured.
By default, no accessible interfaces
are configured in user role interface
policy view.
Repeat this step to add multiple
accessible interfaces.
Remarks
N/A
N/A