Instruction manual

Chapter 2 Installation, Configuration and Management
NetScaler 9000 Series Installation and Configuration Guide - Volume 1 2-69
NSICG60_DEC04
policy’s full command specification string as it would be entered on the
command line.
• The read-only policy allows all show commands, excluding the system
command group and ns.conf show commands.
• The operator policy grants all of the read-only policy privileges and adds
access to enable and disable commands on services. This policy also
allows access to set services and servers as ‘accessdown.’
• The network command policy permits near-total system access, excluding
system commands and the shell command.
• Lastly, the superuser policy grants full system privileges, giving the user
privileges identical to those of the nsroot user.
When using any of these built-in policies, you bind them as you would any
other command policy. Binding of command policies is discussed in the next
section.
2.6.4.8 Binding Command Policies
Once you have your command policies defined, you must bind them in order
to put them into use. When you create these bindings, you must also set
priorities on the policies to define their order of use. Command policies are
evaluated in ascending order of assigned priorities.
Binding Command Policies per User
For this example, the user johnd created in section 2.6.3.1 and the
previously listed example command policies will be reused. This example, in
Table 0-1.
Policy Name   cmdSpec Expression
read-only     (^show\s+(?!system)(?!ns ns.conf).*)|(^stat.*)
operator      (^show\s+(?!system)(?!ns ns.conf).*)|(^stat.*)|(^set.*-accessdown.*)|(^(enable|disable) (server|service).*)
network       ^(?!shell)\S+\s+(?!system).*
superuser     .*
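The cmdSpec expressions in the table above can be audited offline before a policy is bound to a user. The following is an added example, not code from the guide: it runs a set of constructed sample commands through each built-in expression and reports which policies match. It assumes the expression is searched, case-sensitively, against the full command string, with Python's re module standing in for the appliance's regular expression engine; the helper names are hypothetical.

```python
import re

# cmdSpec expressions copied from the built-in policy table on this page.
SHOW_STAT = r"(^show\s+(?!system)(?!ns ns.conf).*)|(^stat.*)"
POLICIES = {
    "read-only": SHOW_STAT,
    "operator": SHOW_STAT + r"|(^set.*-accessdown.*)"
                            r"|(^(enable|disable) (server|service).*)",
    "network": r"^(?!shell)\S+\s+(?!system).*",
    "superuser": r".*",
}

# Constructed sample commands (not from the guide), one per privilege boundary.
COMMANDS = [
    "show lb vserver",
    "show system user",
    "show ns ns.conf",
    "stat service svc1",
    "enable service svc1",
    "set service svc1 -accessdown YES",
    "set service svc1 -maxClient 100",
    "add lb vserver v1 HTTP 10.0.0.1 80",
    "add system user johnd",
    "shell",
]

def matches(policy, command):
    """True if the policy's cmdSpec matches the command (assumed: regex search)."""
    return re.search(POLICIES[policy], command) is not None

def matrix(commands=COMMANDS):
    """Map each command to the list of policies whose cmdSpec matches it."""
    return {c: [p for p in POLICIES if matches(p, c)] for c in commands}

def unexpected_matches(must_not_match):
    """Return (policy, command) pairs that match although they should not."""
    return [(p, c) for p, cmds in must_not_match.items()
            for c in cmds if matches(p, c)]

def lost_privileges(lower, higher, commands=COMMANDS):
    """Commands `lower` matches but `higher` does not (should be empty)."""
    return [c for c in commands if matches(lower, c) and not matches(higher, c)]

if __name__ == "__main__":
    for cmd, allowed in matrix().items():
        print(f"{cmd:40} {', '.join(allowed)}")
```

Feeding unexpected_matches() the commands each role must never run gives a quick regression check whenever a custom cmdSpec is derived from one of the built-in expressions.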