R0106-HP MSR Router Series Fundamentals Command Reference(V7)
command command-string: Specifies a command string. The command-string argument is a
case-sensitive string of 1 to 128 characters, including the following characters:
• The wildcard asterisk (*).
• The delimiters space and tab.
• All printable characters.
execute: Specifies the execute commands or XML elements. An execute command (for example, ping) or
XML element executes a specific function or program.
read: Specifies the read commands or XML elements. A read command (for example, display, dir, more,
or pwd) or XML element displays configuration or maintenance information.
write: Specifies the write commands or XML elements. A write command (for example, ssh server enable)
or XML element configures the system.
feature [ feature-name ]: Specifies one or all features. The feature-name argument specifies a feature
name. If you do not specify a feature name, you specify all the features in the system. When you specify
a feature, you must enter the feature name as the name is displayed by display role feature, including the
case.
feature-group feature-group-name: Specifies a user-defined or predefined feature group. The
feature-group-name argument represents the feature group name, a case-sensitive string of 1 to 31
characters. If the feature group has not been created, the rule takes effect after the group is created. To
display the feature groups that have been created, use the display role feature-group command.
xml-element [ xml-string ]: Specifies an XML element. The xml-string argument represents the XPath of the
XML element, a case-insensitive string of 1 to 512 characters. Use the forward slash (/) to separate XPath
items, for example, Interfaces/Index/Name. If you do not specify any XML element, the rule applies to
all XML elements.
all: Deletes all the user role rules.
Usage guidelines
You can define the following types of rules for different access control granularities:
• Command rule—Controls access to a command or a set of commands that match a regular
expression.
• Feature rule—Controls access to the commands of a feature by command type.
• Feature group rule—Controls access to the commands of a group of features by command type.
• XML element rule—Controls access to XML elements.
A user role can access the set of permitted commands and XML elements specified in the user role rules.
User role rules include predefined (identified by sys-n) and user-defined user role rules.
• If two user-defined rules of the same type conflict, the one with the higher ID takes effect. For
example, the user role can use the tracert command but not the ping command if the following rules
exist:
  ○ Rule 1 that permits the ping command.
  ○ Rule 2 that permits the tracert command.
  ○ Rule 3 that denies the ping command.
• If a predefined user role rule and a user-defined user role rule conflict, the user-defined user role rule
takes effect.
You can configure up to 256 user-defined rules for a user role. The total number of user-defined user role
rules cannot exceed 1024.
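The following added example (not part of the HP reference and not device code) models the conflict rule for user-defined command rules so a role definition can be audited offline for its effective permissions and for rules that never take effect. It assumes rule lines of the form `rule <id> permit|deny command <string>`, a simplified reading of the asterisk wildcard, and deny when no rule matches; predefined sys-n rules are not modeled, and all function names are hypothetical.

```python
import re

# Constructed sample (not from a real device): the ping/tracert conflict
# from the usage guidelines plus one wildcard rule.
SAMPLE_RULES = """\
rule 1 permit command ping
rule 2 permit command tracert
rule 3 deny command ping
rule 4 permit command display *
"""

RULE_RE = re.compile(r"^\s*rule\s+(\d+)\s+(permit|deny)\s+command\s+(.+?)\s*$")
MAX_RULES_PER_ROLE = 256  # per-role limit stated in the usage guidelines

def parse_rules(text):
    """Return {rule_id: (action, command_string)} for user-defined command rules."""
    rules = {}
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            rules[int(m.group(1))] = (m.group(2), m.group(3))
    if len(rules) > MAX_RULES_PER_ROLE:
        raise ValueError("a user role accepts at most 256 user-defined rules")
    return rules

def matches(pattern, command):
    """Assumption: '*' stands for any run of characters, the rest is literal
    and case-sensitive, and the pattern must cover the whole command line."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, command) is not None

def decide(rules, command):
    """Highest-ID matching rule wins; no match is treated as deny (assumption)."""
    for rule_id in sorted(rules, reverse=True):
        action, pattern = rules[rule_id]
        if matches(pattern, command):
            return action, rule_id
    return "deny", None

def shadowed(rules):
    """Rule IDs that never take effect: a higher ID repeats the same string."""
    return sorted(a for a in rules
                  if any(b > a and rules[b][1] == rules[a][1] for b in rules))

if __name__ == "__main__":
    parsed = parse_rules(SAMPLE_RULES)
    for cmd in ("ping", "tracert", "display version", "reboot"):
        print(cmd, decide(parsed, cmd))
    print("shadowed rule IDs:", shadowed(parsed))
```

A shadowed permit rule such as rule 1 here is worth removing during a role review, because deleting the higher-ID deny later would silently restore the access.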