Cisco NCS 1002 System Setup And Software Installation Manual page 45


Create User Profiles and Assign Privileges

Operation: Read and execute (RX)
Accept permission: Command is visible on the CLI and can be executed.
Reject permission: Command is neither visible nor executable from the CLI.

By default, all permissions are set to Reject.

Each command rule is identified by a number associated with it. When multiple command rules are applied to a user group, the command rule with the lower number takes precedence. For example, cmdrule 5 permits read access, while cmdrule 10 rejects read access. When both of these command rules are applied to the same user group, users in this group get read access because cmdrule 5 takes precedence.

As an example, a command rule is created to deny read and execute permissions for the "show platform" command.

Before you begin
Create a user group. See Create a User Group, on page 39.

Procedure

Step 1
admin
Example:
RP/0/RP0/CPU0:ios# admin
Enters System Admin EXEC mode.

Step 2
configure
Example:
sysadmin-vm:0_RP0# configure
Enters System Admin Config mode.

Step 3
aaa authorization cmdrules cmdrule command_rule_number
Example:
sysadmin-vm:0_RP0#(config)#aaa authorization cmdrules cmdrule 1100
Specify a numeric value as the command rule number. You can enter a 32-bit integer.
Important: Do not use numbers between 1 and 1000 because they are reserved by Cisco.
This command creates a new command rule (if it is not already present) and enters the command rule configuration mode. In the example, command rule "1100" is created.
Note: By default "cmdrule 1" is created by the system when the root-system user is created. This command rule provides "accept" permission to "read" and "execute" operations for all commands. Therefore, the root user has no restrictions imposed on it, unless "cmdrule 1" is modified.

Step 4
command command_name
Example:
sysadmin-vm:0_RP0#(config-cmdrule-1100)#command "show platform"
Specify the command for which permission is to be controlled.
If you enter an asterisk '*' for command, it indicates that the command rule is applicable to all commands.
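
The precedence rule described above (the lowest-numbered rule applied to a user group wins, and anything unmatched defaults to Reject), worked through as an added Python example for reviewing a rule set before it is committed; it is not code from the Cisco guide. The rule fields, the exact-string command matching and the group name noc-ro are assumptions made for illustration.

```python
from dataclasses import dataclass

RESERVED_MAX = 1000  # the page reserves rule numbers 1 to 1000 for Cisco

@dataclass(frozen=True)
class CmdRule:
    number: int   # command rule number
    group: str    # user group the rule is applied to
    command: str  # command string, or "*" for all commands
    ops: str      # "r", "x" or "rx"
    action: str   # "accept" or "reject"

def covers(rule, command, op):
    # Assumption: a rule matches its exact command string or the "*" wildcard.
    return op in rule.ops and rule.command in ("*", command)

def effective(rules, group, command, op):
    """Lowest-numbered matching rule decides; with no match the default is reject."""
    hits = [r for r in rules if r.group == group and covers(r, command, op)]
    if not hits:
        return ("reject", None)
    winner = min(hits, key=lambda r: r.number)
    return (winner.action, winner.number)

def shadowed(rules):
    """Rules that never decide anything: one lower-numbered rule covers them."""
    dead = []
    for r in rules:
        for low in rules:
            if (low.number < r.number and low.group == r.group and
                    low.command in ("*", r.command) and set(r.ops) <= set(low.ops)):
                dead.append(r.number)
                break
    return sorted(dead)

def in_reserved_range(rules):
    return sorted(r.number for r in rules if 1 <= r.number <= RESERVED_MAX)

# Constructed rule sets; the group name is hypothetical.
INTENDED = [
    CmdRule(1100, "noc-ro", "show platform", "rx", "reject"),
    CmdRule(2000, "noc-ro", "*", "rx", "accept"),
]
MISORDERED = [  # same intent, but the broad accept has the lower number
    CmdRule(1100, "noc-ro", "*", "rx", "accept"),
    CmdRule(2000, "noc-ro", "show platform", "rx", "reject"),
]
```

In the misordered set the reject for "show platform" is numbered above the wildcard accept, so it never takes effect; shadowed() reports rule 2000 for that reason.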
System Setup and Software Installation Guide for Cisco NCS 1002
Create Command Rules