HP Enterprise FlexFabric 12900E Series Command Reference Manual page 42

•
The system compares an OID with the OIDs specified in rules, and it uses the longest match
principle to select a rule for the OID. For example, a user role cannot access the MIB node with
OID 1.3.6.1.4.1.25506.141.3.0.1 if the user role contains rules configured by using the following
commands:
rule 1 permit read write oid 1.3.6

rule 2 deny read write oid 1.3.6.1.4.1

rule 3 permit read write oid 1.3.6.1.4

•
If the same OID is specified in multiple rules, the rule with the higher ID takes effect. For
example, a user role can access the MIB node with OID 1.3.6.1.4.1.25506.141.3.0.1 if the user
role contains rules configured by using the following commands:
rule 1 permit read write oid 1.3.6

rule 2 deny read write oid 1.3.6.1.4.1

rule 3 permit read write oid 1.3.6.1.4.1

When you specify a command string, follow the guidelines in
Table 6 Command string configuration rules
Rule
Semicolon (;) is the delimiter.
Asterisk (*) is the wildcard.
Keyword abbreviation is allowed.
Guidelines
Use a semicolon to separate the command of each view that you must
enter before you access a command or a set of commands. However,
do not use a semicolon to separate commands available in user view or
display
any view, for example,
Each semicolon-separated segment must have a minimum of one
printable character.
To specify the commands in a view but not the commands in the view's
subviews, use a semicolon as the last printable character in the last
segment. To specify the commands in a view and the view's subviews,
the last printable character in the last segment must not be a semicolon.
For example, you must enter system view before you enter interface
view. To specify all commands starting with the
interface view, you must use the "system ; interface * ; ip * ;" command
string.
For another example, the "system ; radius scheme * ;" command string
represents all commands that start with the
keywords in system view. The "system ; radius scheme *" command
string represents all commands that start with the
keywords in system view and all commands in RADIUS scheme view.
An asterisk represents zero or multiple characters.
In a non-last segment, you can use an asterisk only at the end of the
segment.
In the last segment, you can use an asterisk in any position of the
segment. If the asterisk appears at the beginning, you cannot specify a
printable character behind the asterisk.
For example, the "system ; *" command string represents all commands
available in system view and all subviews of the system view. The
"debugging * event" command string represents all event debugging
commands available in user view.
You can specify a keyword by entering the first few characters of the
keyword. Any command that starts with this character string matches
the rule.
For example, "rule 1 deny command dis arp source *" denies access to
the commands display arp source-mac interface and display arp
source-suppression.
36
Table 6.
dir
and .
ip
keyword in any
radius scheme
radius scheme