25
Rule
Guidelines
To control the access to a
command, you must specify the
command immediately after the
view that has the command.
To control access to a command, you must specify the command
immediately behind the view to which the command is assigned. The
rules that control command access for any subview do not apply to the
command.
For example, the "
rule 1 deny command system
;
interface
* ; *
" command string disables access to any
command that is assigned to interface view. However, you can still
execute the
acl advanced
command in interface view, because this
command is assigned to system view rather than interface view. To
disable access to this command, use "
rule 1 deny command
system
;
acl
*;
".
Do not include the vertical bar
(
|
), greater-than sign (
>
), or
double greater-than sign (
>>
)
when you specify
display
commands in a user role
command rule.
The system does not treat the redirect signs and the parameters that
follow the signs as part of command lines. However, in user role
command rules, these redirect signs and parameters are handled as
part of command lines. As a result, no rule that includes any of these
signs can find a match.
For example, "
rule 1 permit command display
debugging
>
log
" can never find a match. This is because the
system has a
display debugging
command but not a
display
debugging
>
log
command.
Examples
# Permit user role
role1
to execute the
display acl
command.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] rule 1 permit command display acl
# Permit user role
role1
to execute all commands that start with the
display
keyword.
[Sysname-role-role1] rule 2 permit command display *
# Permit user role
role1
to execute the
radius scheme aaa
command in system view and use all
commands assigned to RADIUS scheme view.
[Sysname-role-role1] rule 3 permit command system ; radius scheme aaa
# Deny the access of
role1
to the read or write commands of any features.
[Sysname-role-role1] rule 4 deny read write feature
# Deny the access of
role1
to the read commands of the
aaa
feature.
[Sysname-role-role1] rule 5 deny read feature aaa
# Permit
role1
to access all read, write, and execute commands of feature group
security-features
.
[Sysname-role-role1] rule 6 permit read write execute feature-group security-features
# Permit
role1
to access all read and write MIB nodes starting from the node with OID 1.1.2.
[Sysname-role-role1] rule 7 permit read write oid 1.1.2
Related commands
display role
display role feature
display role feature-group
display web menu
role
Содержание SOHO IE4300
Страница 114: ...ii tftp client ipv6 source 41 tftp client source 41 tftp ipv6 42 tftp server acl 44 tftp server ipv6 acl 44...
Страница 285: ...i Contents Tcl commands 1 cli 1 tclquit 1 tclsh 2...
Страница 288: ...i Contents Python commands 1 exit 1 python 1 python filename 2...
Страница 291: ...i Contents Automatic configuration commands 1 autodeploy udisk enable 1...
Страница 323: ...25 Sysname Ten GigabitEthernet1 0 51 undo shutdown Related commands irf port...
Страница 396: ...i Contents Bulk interface configuration commands 1 display interface range 1 interface range 1 interface range name 3...
Страница 460: ...i Contents Port isolation commands 1 display port isolate group 1 port isolate enable 2 port isolate group 2...
Страница 465: ...ii stp vlan enable 55 vlan mapping modulo 55...
Страница 589: ...60 Examples Enable LLDP for automatic IP phone discovery Sysname system view Sysname voice vlan track lldp...
Страница 602: ...12 Related commands display mvrp statistics...
Страница 609: ...i Contents VLAN mapping commands 1 display vlan mapping 1 vlan mapping 2...
Страница 678: ...9 Related commands reset pppoe relay statistics...
Страница 846: ...i Contents Basic IP forwarding commands 1 display fib 1 ip forwarding table save 2...
Страница 1073: ...i Contents HTTP redirect commands 1 http redirect https port 1 http redirect ssl server policy 1...
Страница 1087: ...Documentation feedback You can e mail your comments about product documentation to info h3c com We appreciate your comments...
Страница 1340: ...9 Sysname ipv6 route static default preference 120 Related commands display ipv6 routing table protocol...
Страница 1649: ...Documentation feedback You can e mail your comments about product documentation to info h3c com We appreciate your comments...
Страница 1668: ...Documentation feedback You can e mail your comments about product documentation to info h3c com We appreciate your comments...
Страница 1770: ...i Contents Time range commands 1 display time range 1 time range 1...
Страница 2026: ...34 Related commands display mac authentication...
Страница 2028: ...ii...
Страница 2143: ...i Contents User profile commands 1 display user profile 1 user profile 2...
Страница 2308: ...61 ipsec transform set...
Страница 2473: ...i Contents TCP attack prevention commands 1 tcp anti naptha enable 1 tcp check state interval 1 tcp state 2...
Страница 2531: ...i Contents SAVI commands 1 ipv6 savi down delay 1 ipv6 savi log enable 1 ipv6 savi strict 2...
Страница 2534: ...3 Sysname ipv6 savi strict Related commands ipv6 verify source...
Страница 2541: ...i Contents Crypto engine commands 1 display crypto engine 1 display crypto engine statistics 1 reset crypto engine statistics 3...
Страница 2545: ...i Contents FIPS commands 1 display crypto version 1 display fips status 1 fips mode enable 2 fips self test 4...
Страница 2791: ...14 Sysname track 1 Related commands delay display track...
Страница 2939: ...9 sntp authentication keyid sntp reliable authentication keyid...
Страница 2967: ...27 Related commands apply poe profile poe enable poe max power interface view poe priority...
Страница 3240: ...Documentation feedback You can e mail your comments about product documentation to info h3c com We appreciate your comments...
Страница 3263: ...Documentation feedback You can e mail your comments about product documentation to info h3c com We appreciate your comments...