HP 6125XLG R2306-HP 6125XLG Blade Switch Fundamentals Command Reference - Page 66
super, Examples, Related commands
View all HP 6125XLG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 66 highlights
Rule Guidelines To control the access to a command, you must specify the command immediately after the view that has the command. To control access to a command, you must specify the command immediately behind the view to which the command is assigned. The rules that control command access for any subview do not apply to the command. For example, the "rule 1 deny command system ; interface * ; *" command string disables access to any command that is assigned to interface view, but you can still execute the acl number command in interface view, because this command is assigned to system view rather than interface view. To disable access to this command, use "rule 1 deny command system ; acl *;". Do not include the vertical bar (|), greater-than sign (>), or double greater-than sign (>>) when you specify display commands in a user role command rule. The system does not treat these redirect signs and the parameters that follow them as part of command lines, but in user role command rules, they are handled as part of command lines. As a result, no rule that includes any of these signs can find a match. For example, "rule 1 permit command display debugging > log" can never find a match, because the system has a display debugging command but not a display debugging > log command. Examples # Permit the user role role1 to execute the display acl command. system-view [Sysname] role name role1 [Sysname-role-role1] rule 1 permit command display acl # Permit the user role role1 to execute all commands that start with display. [Sysname-role-role1] rule 2 permit command display * # Permit the user role role1 to execute the radius scheme aaa command in system view and use all commands assigned to RADIUS scheme view. [Sysname-role-role1] rule 3 permit command system ; radius scheme aaa # Deny the access of role1 to any read or write command of any feature. [Sysname-role-role1] rule 4 deny read write feature # Deny the access of role1 to any read command of the feature aaa. [Sysname-role-role1] rule 5 deny read feature aaa # Permit role1 to access all read, write, and execute commands of the feature group security-features. [Sysname-role-role1] rule 6 permit read write execute feature-group security-features Related commands • display role • display role feature • display role feature-group • role super Use super to obtain a user role that you are not logged in with. 59