Configuring Groups For Local Authorization - HP 3500yl Series Access Security Manual

RADIUS Authentication, Authorization, and Accounting
Creating Local Privilege Levels

Configuring Groups for Local Authorization

You must create a group for local authorization before you can assign local
users to it. When creating the group, at least one command is created as part
of that group. Typically, multiple commands are assigned to a group. To create
a group, enter this command.
Syntax: [no] aaa authorization group <group-name> <1-2147483647> match-command <command-string> <permit | deny> [log]

Create a local authorization group with the specified name. The name is case-sensitive and may not contain spaces. Duplicate names are not allowed. You can create a maximum of 16 groups. The name of the group can have a maximum of 16 characters.

<1-2147483647>: The evaluation order for the match commands.

match-command <command-string>: The command string is the CLI command. It must be enclosed in double quotes if it contains any spaces, for example, "vlan *".

The <command-string> is a POSIX regular expression and follows POSIX matching rules. For example, the "*" character means match the preceding character zero or more times, so ab*c will match "ac", "abc", "abbc", etc. The "." character means match any character, so ".*" would match anything, while the command string "aaa.*" would match commands that have "aaa" followed by zero or more characters. The "^" character anchors the match to the beginning of the string, so "^aaa.*" would mean the string must start with "aaa" and can have anything after that.

<permit | deny>: Either permit or deny execution of the command.

[log]: Optional. Indicates that matching such a command generates an event log entry, whether the command is permitted or denied.

Typically multiple commands are assigned to a group. Each command is
entered on a separate line. Commands are evaluated in numerical order of the
sequence number until a match is found, then the permit or deny action for that
command is executed.
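
The evaluation order and the effect of the "^" anchor can be checked offline before a group is entered on the switch. The following Python sketch is an added example, not code from the manual or from HP: it parses lines in the syntax shown above and returns the first matching entry by sequence number. It assumes an unanchored pattern may match anywhere in the command (as the "aaa.*" versus "^aaa.*" description implies), uses Python's re module as a stand-in for POSIX matching, and reports "no match" as None because this page does not state what the switch does in that case. The group name "ops" and the sample commands are constructed.

```python
import re
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    group: str
    seq: int        # evaluation order, 1-2147483647
    pattern: str    # match-command string (regular expression)
    action: str     # "permit" or "deny"
    log: bool

# Syntax from this page; the command string is quoted when it contains spaces.
LINE = re.compile(
    r'aaa authorization group (\S{1,16}) (\d+) match-command '
    r'(?:"([^"]*)"|(\S+)) (permit|deny)( log)?')

def parse_rule(line: str) -> Rule:
    m = LINE.fullmatch(line.strip())
    if m is None:
        raise ValueError(f"not a group rule: {line!r}")
    seq = int(m.group(2))
    if not 1 <= seq <= 2147483647:
        raise ValueError(f"sequence number out of range: {seq}")
    pattern = m.group(3) if m.group(3) is not None else m.group(4)
    return Rule(m.group(1), seq, pattern, m.group(5), m.group(6) is not None)

def evaluate(rules, command: str) -> Optional[Rule]:
    """Return the first rule, in sequence-number order, whose pattern matches."""
    for rule in sorted(rules, key=lambda r: r.seq):
        if re.search(rule.pattern, command):  # assumption: unanchored search
            return rule
    return None  # assumption: the page does not define the no-match outcome

# Constructed sample group, deliberately entered out of order.
CONFIG = """
aaa authorization group ops 30 match-command ".*" deny log
aaa authorization group ops 10 match-command "^show .*" permit
aaa authorization group ops 20 match-command "aaa.*" deny log
"""
RULES = [parse_rule(line) for line in CONFIG.strip().splitlines()]

def decide(command: str):
    hit = evaluate(RULES, command)
    return None if hit is None else (hit.seq, hit.action)

if __name__ == "__main__":
    for cmd in ("show vlans", "show aaa", "no aaa authorization group ops", "vlan 10"):
        print(f"{cmd!r:40} -> {decide(cmd)}")
```

Note that "show aaa" is permitted by entry 10 before the "aaa.*" deny at entry 20 is ever evaluated, and that the unanchored "aaa.*" also catches the "no aaa ..." form, which "^aaa.*" would not.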
