Super - HP Enterprise FlexFabric 12900E Series Command Reference Manual

Hide thumbs Also See for Enterprise FlexFabric 12900E Series:

Installation manual (152 pages)

Configuration manual (552 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

page of 213

/ 213
Contents
Table of Contents
Bookmarks

Table of Contents

Rule

To control the access to a

command, you must specify the

command immediately after the

view that has the command.

Do not include the vertical bar (|),

greater-than sign (>), or double

greater-than sign (>>) when you

specify display commands in a

user role command rule.

Examples

# Permit user role role1 to execute the

<Sysname> system-view

[Sysname] role name role1

[Sysname-role-role1] rule 1 permit command display acl

# Permit user role role1 to execute all commands that start with the

[Sysname-role-role1] rule 2 permit command display *

# Permit user role role1 to execute the

commands assigned to RADIUS scheme view.

[Sysname-role-role1] rule 3 permit command system ; radius scheme aaa

# Deny the access of role1 to the read or write commands of any features.

[Sysname-role-role1] rule 4 deny read write feature

# Deny the access of role1 to the read commands of the aaa feature.

[Sysname-role-role1] rule 5 deny read feature aaa

# Permit role1 to access all read, write, and execute commands of feature group security-features.

[Sysname-role-role1] rule 6 permit read write execute feature-group security-features

# Permit role1 to access all read and write MIB nodes starting from the node with OID 1.1.2.

[Sysname-role-role1] rule 7 permit read write oid 1.1.2

Related commands

display role

display role feature

display role feature-group

role

super

Use

super

Guidelines

To control access to a command, you must specify the command

immediately behind the view to which the command is assigned. The

rules that control command access for any subview do not apply to the

command.

For example, the "rule 1 deny command system ; interface * ; *"

command string disables access to any command that is assigned to

interface view. However, you can still execute the acl advanced

command in interface view, because this command is assigned to

system view rather than interface view. To disable access to this

command, use "rule 1 deny command system ; acl *;".

The system does not treat the redirect signs and the parameters that

follow the signs as part of command lines. However, in user role

command rules, these redirect signs and parameters are handled as

part of command lines. As a result, no rule that includes any of these

signs can find a match.

For example, "rule 1 permit command display debugging > log" can

never find a match. This is because the system has a display

debugging command but not a display debugging > log command.

to obtain another user role without reconnecting to the device.

command.

display acl

radius scheme aaa

keyword.

display

command in system view and use all

Table of Contents

Super - HP Enterprise FlexFabric 12900E Series Command Reference Manual

super

Related Manuals for HP Enterprise FlexFabric 12900E Series

Related Content for HP Enterprise FlexFabric 12900E Series

Table of Contents