Working in the CLI
User Passwords
The
password
command allows a logged in user to change the password for their user name. A
user name with the
admin
flag can modify the password for any user name. The password itself is
not permitted on the command line, and is not displayed by a user context
show
command (or any
eqcli command).
User Permissions
When a user attempts to access an object (cluster, server, server pool, VLAN, etc.) on Equalizer,
the system determines whether the user has permission to access the object as follows:
1. If the user’s definition has the
admin
flag enabled, then access is granted.
2. Otherwise, the user must have specific permission granted on the object for the access
mode being attempted. For example, if the user attempts to display a cluster, then the user
must have
read
permission on the cluster.
Permission to access an object is granted in one of two ways:
l
The
permit_object
command gives the user the specified access permissions on the spe-
cified object.
l
The
permit_objlist
command gives the user access permissions on all objects of a par-
ticular type as listed in the object list specified on the command line.
Note
- The
permit_object
and
permit_objlist
commands:
- can be used only on existing user logins.
- must be entered one at a time, on a line by themselves, with no other user context commands on the command line
So, for example, you cannot modify a user’s
duration
parameter and in the same command line include a
permit_
object
or
permit_objlist
command.
Using permit_object to Assign User Permissions on a Single Object
The
user
context
permit_object
command has the following syntax:
permit_object
perm type object_name
The command assigns the given permission on the given object in the user context. The command
arguments are as follows:
l
perm
-
One or more of the following permissions:
read
,
write
,
delete
. Multiple per-
missions must be separated by commas. If spaces are included, the entire list of per-
missions must be enclosed in quotes.
l
type
-
One of the following object types:
cert
,
cluster
,
crl
,
geocluster
,
geosite
,
port
,
server
,
srvpool
,
subnet
,
user
,
vlan
.
l
object_name -
The name of an existing object of the
type
given on the command line.
220
Copyright © 2014 Coyote Point Systems, A Subsidiary of Fortinet, Inc.
Summary of Contents for Equalizer GX Series
Page 18: ......
Page 32: ...Overview 32 Copyright 2014 Coyote Point Systems A Subsidiary of Fortinet Inc ...
Page 42: ......
Page 52: ......
Page 64: ......
Page 72: ......
Page 76: ......
Page 228: ......
Page 238: ......
Page 476: ......
Page 492: ......
Page 530: ......
Page 614: ......
Page 626: ......
Page 638: ......
Page 678: ......
Page 732: ...Using SNMP Traps 732 Copyright 2014 Coyote Point Systems A Subsidiary of Fortinet Inc ...
Page 754: ......
Page 790: ......
Page 804: ......
Page 842: ......
Page 866: ......