Manualshelf

R211x-HP Flexfabric 11900 Fundamentals Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP FlexFabric 11000 Switch Products
71727374757677787980
68
feature
rule
Use rule to create or change a user role rule for controlling command access.
Use undo rule to delete a user role rule.
Syntax
rule number { deny | permit } { command command-string | { execute | read | write } * { feature
[ feature-name ] | feature-group feature-group-name } }
undo rule { number | all }
Default
A user-defined user role has no rules and cannot use any command.
Views
User role view
Predefined user roles
network-admin
mdc-admin
Parameters
number: Specifies a rule number in the range of 1 to 256.
deny: Denies access to any specified command.
permit: Permits access to any specified command.
command command-string: Specifies a command string. The command-string argument is a
case-sensitive string of 1 to 128 characters, including the wildcard asterisk (*), the delimiters space and
tab, and all printable characters.
execute: Specifies the execute commands of a feature or feature group. An execute command (for
example, ping) executes a specific function or program.
read: Specifies the read commands of a feature or feature group. A read command (for example, display,
dir, more, or pwd) displays configuration or maintenance information.
write: Specifies the write commands of a feature or feature group. A write command (for example, ssh
server enable) configures the system.
feature [ feature-name ]: Specifies one or all features. The feature-name argument specifies a feature
name. If no feature name is specified, you specify all the features in the system. When you specify a
feature, you must enter its name exactly as displayed by display role feature, including the case.
feature-group feature-group-name: Specifies a user-defined or pre-defined feature group. The
feature-group-name argument represents the feature group name, a case-sensitive string of 1 to 31
characters. If the feature group has not been created, the rule takes effect after the group is created. To
display the feature groups that have been created, use the display role feature-group command.
all: Deletes all the user role rules.
Usage guidelines
You can define the following types of rules for different access control granularities: