Home » HP Manuals » Servers » HP 6125XLG » Manual Viewer

HP 6125XLG R2306-HP 6125XLG Blade Switch Fundamentals Command Reference - Page 66

super, Examples, Related commands

Add to My Manuals
Save this manual to your list of manuals

Page 66 highlights

Rule Guidelines To control the access to a command, you must specify the command immediately after the view that has the command. To control access to a command, you must specify the command immediately behind the view to which the command is assigned. The rules that control command access for any subview do not apply to the command. For example, the "rule 1 deny command system ; interface * ; *" command string disables access to any command that is assigned to interface view, but you can still execute the acl number command in interface view, because this command is assigned to system view rather than interface view. To disable access to this command, use "rule 1 deny command system ; acl *;". Do not include the vertical bar (|), greater-than sign (>), or double greater-than sign (>>) when you specify display commands in a user role command rule. The system does not treat these redirect signs and the parameters that follow them as part of command lines, but in user role command rules, they are handled as part of command lines. As a result, no rule that includes any of these signs can find a match. For example, "rule 1 permit command display debugging > log" can never find a match, because the system has a display debugging command but not a display debugging > log command. Examples # Permit the user role role1 to execute the display acl command. system-view [Sysname] role name role1 [Sysname-role-role1] rule 1 permit command display acl # Permit the user role role1 to execute all commands that start with display. [Sysname-role-role1] rule 2 permit command display * # Permit the user role role1 to execute the radius scheme aaa command in system view and use all commands assigned to RADIUS scheme view. [Sysname-role-role1] rule 3 permit command system ; radius scheme aaa # Deny the access of role1 to any read or write command of any feature. [Sysname-role-role1] rule 4 deny read write feature # Deny the access of role1 to any read command of the feature aaa. [Sysname-role-role1] rule 5 deny read feature aaa # Permit role1 to access all read, write, and execute commands of the feature group security-features. [Sysname-role-role1] rule 6 permit read write execute feature-group security-features Related commands • display role • display role feature • display role feature-group • role super Use super to obtain a user role that you are not logged in with. 59

Section	Page
Title Page	1
Contents	3
Basic CLI commands	8
command-alias enable	8
command-alias mapping	8
display \| { begin \| exclude \| include }	9
display \| by-linenum	10
display >	11
display >>	11
display command-alias	12
display history-command	13
display history-command all	14
display hotkey	14
hotkey	16
quit	16
return	17
screen-length disable	17
system-view	18
Login management commands	19
activation-key	19
authentication-mode	20
auto-execute command	21
command accounting	23
command authorization	23
databits	24
display telnet client	25
display user-interface	25
display users	27
escape-key	28
flow-control	29
free user-interface	30
history-command max-size	31
idle-timeout	31
lock	32
parity	33
protocol inbound	34
screen-length	34
send	35
set authentication password	36
shell	37
speed	38
stopbits	38
telnet	39
telnet client source	40
telnet ipv6	41
telnet server acl	41
telnet server ipv6 acl	42
telnet server enable	43
terminal type	44
user-interface	44
user-role	45
RBAC commands	47
description	47
display role	47
display role feature	49
display role feature-group	52
feature	55
interface policy deny	56
permit interface	57
permit vlan	58
permit vpn-instance	60
role	61
role default-role enable	62
role feature-group	63
rule	63
super	66
super authentication-mode	67
super password	68
vlan policy deny	70
vpn-instance policy deny	71
FTP commands	72
FTP server commands	72
display ftp-server	72
display ftp-user	73
free ftp user	73
free ftp user-ip	74
free ftp user-ip ipv6	74
ftp server acl	75
ftp server enable	76
ftp timeout	76
FTP client commands	77
append	77
ascii	77
binary	78
bye	79
cd	79
cdup	80
close	81
debug	81
delete	82
dir	83
disconnect	84
display ftp client source	85
ftp	85
ftp client source	86
ftp client ipv6 source	87
ftp ipv6	88
get	89
help	90
lcd	90
ls	91
mkdir	92
newer	93
open	93
passive	94
put	95
pwd	96
quit	96
reget	97
rename	97
reset	98
restart	98
rhelp	99
rmdir	101
rstatus	101
status	103
system	104
user	105
verbose	105
?	106
TFTP configuration commands	108
tftp	108
tftp client source	109
tftp ipv6	110
tftp client ipv6 source	111
tftp-server acl	112
tftp-server ipv6 acl	113
File system management commands	114
cd	114
copy	114
delete	116
dir	117
file prompt	118
fixdisk	119
format	119
gunzip	120
gzip	121
mkdir	121
more	122
move	123
pwd	124
rename	124
reset recycle-bin	125
rmdir	126
sha256sum	126
undelete	127
Configuration file management commands	128
archive configuration	128
archive configuration interval	129
archive configuration location	130
archive configuration max	131
backup startup-configuration	132
configuration encrypt	132
configuration replace file	133
display archive configuration	134
display current-configuration	135
display default-configuration	136
display saved-configuration	138
display startup	139
display this	140
reset saved-configuration	141
restore startup-configuration	142
save	142
startup saved-configuration	144
Software upgrade commands	146
boot-loader file	146
boot-loader update	147
bootrom update	148
display boot-loader	149
Device management commands	151
clock datetime	151
clock summer-time	152
clock timezone	153
command	154
copyright-info enable	155
display clock	156
display copyright	157
display cpu-usage	157
display cpu-usage history	158
display device	160
display device manuinfo	161
display diagnostic-information	162
display memory	163
display memory-threshold	164
display scheduler job	165
display scheduler logfile	166
display scheduler reboot	167
display scheduler schedule	167
display system-working-mode	168
display transceiver alarm	169
display transceiver diagnosis	170
display transceiver interface	171
display transceiver manuinfo	172
display version	173
display version-update-record	174
fan prefer-direction	175
header	176
job	177
memory-threshold	178
memory-threshold threshold	179
password-recovery enable	179
reboot	180
reset scheduler logfile	181
reset version-update-record	182
scheduler job	182
scheduler logfile size	183
scheduler reboot at	184
scheduler reboot delay	185
scheduler schedule	185
shutdown-interval	186
sysname	187
system-working-mode	188
time at	188
time once	189
time repeating	190
Emergency shell commands	193
copy	193
delete	193
dir	194
display copyright	195
display install package	196
display interface m-eth0	197
display ip routing-table	198
display ipv6 routing-table	199
display version	200
format	200
ftp	201
install load	201
interface m-eth0	202
ip address	203
ip gateway	203
ipv6 address	204
ipv6 gateway	205
mkdir	205
more	206
move	206
ping	207
ping ipv6	208
pwd	209
quit	209
reboot	210
rmdir	210
shutdown	211
ssh2	211
system-view	211
telnet	212
tftp	212
Tcl commands	214
tclsh	214
tclquit	214
Support and other resources	215
Contacting HP	215
Subscription service	215
Related information	215
Documents	215
Websites	216
Conventions	216
Command conventions	216
GUI conventions	216
Symbols	217
Network topology icons	217
Port numbering in examples	217

Match case Limit results 1 per page

Rule

Guidelines

To control the access to a

command, you must specify the

command immediately after the

view that has the command.

To control access to a command, you must specify the command

immediately behind the view to which the command is assigned. The rules

that control command access for any subview do not apply to the

command.

For example, the "rule 1 deny command system ; interface * ; *"

command string disables access to any command that is assigned to

interface view, but you can still execute the

acl number

command in

interface view, because this command is assigned to system view rather

than interface view. To disable access to this command, use "rule 1 deny

command system ; acl *;".

Do not include the vertical bar (|),

greater-than sign (>), or double

greater-than sign (>>) when you

specify

display

commands in a

user role command rule.

The system does not treat these redirect signs and the parameters that

follow them as part of command lines, but in user role command rules, they

are handled as part of command lines. As a result, no rule that includes

any of these signs can find a match.

For example, "rule 1 permit command display debugging > log" can

never find a match, because the system has a

display debugging

command but not a

display debugging

> log

command.

Examples

# Permit the user role

role1

to execute the

display acl

command.

<Sysname> system-view

[Sysname] role name role1

[Sysname-role-role1] rule 1 permit command display acl

# Permit the user role

role1

to execute all commands that start with

display

[Sysname-role-role1] rule 2 permit command display *

# Permit the user role

role1

to execute the

radius scheme aaa

command in system view and use all

commands assigned to RADIUS scheme view.

[Sysname-role-role1] rule 3 permit command system ; radius scheme aaa

# Deny the access of

role1

to any read or write command of any feature.

[Sysname-role-role1] rule 4 deny read write feature

# Deny the access of

role1

to any read command of the feature

aaa

[Sysname-role-role1] rule 5 deny read feature aaa

# Permit

role1

to access all read, write, and execute commands of the feature group

security-features

[Sysname-role-role1] rule 6 permit read write execute feature-group security-features

Related commands

•

display role

•

display role feature

•

display role feature-group

•

role

super

Use

super

to obtain a user role that you are not logged in with.