R21xx-HP FlexFabric 11900 Fundamentals Command Reference
58
After you create a user role feature group, you can use the display role feature command to display the
features available in the system and use the feature command to add features to the feature group.
Examples
# Create the feature group security-features.
<Sysname> system-view
[Sysname] role feature-group name security-features
[Sysname-featuregrp-security-features]
Related commands
• display role feature-group
• display role feature
• feature
rule
Use rule to create or change a user role rule for controlling command access.
Use undo rule to delete a user role rule.
Syntax
rule number { deny | permit } { command command-string | { execute | read | write } * { feature
[ feature-name ] | feature-group feature-group-name } }
undo rule { number | all }
Default
A user-defined user role has no rules and cannot use any command.
Views
User role view
Predefined user roles
network-admin
Parameters
number: Specifies a rule number in the range of 1 to 256.
deny: Denies access to any specified command.
permit: Permits access to any specified command.
command command-string: Specifies a command string. The command-string argument is a
case-insensitive string of 1 to 128 characters, including the wildcard asterisk (*), the delimiters space
and tab, and all printable characters.
execute: Specifies the execute commands of a feature or feature group. An execute command (for
example, ping) executes a specific function or program.
read: Specifies the read commands of a feature or feature group. A read command (for example, display,
dir, more, or pwd) displays configuration or maintenance information.
write: Specifies the write commands of a feature or feature group. A write command (for example, ssh
server enable) configures the system.