Manualshelf

R0106-HP MSR Router Series Fundamentals Configuration Guide(V7)

ManualsBrandsHP ManualsNetwork HardwareHP MSR3024 TAA-compliant AC Router
21222324252627282930
20
Configuration restrictions and guidelines
When you configure RBAC user role rules, follow these restrictions and guidelines:
You can configure up to 256 user-defined rules for a user role. The total number of user-defined user
role rules cannot exceed 1024.
Any rule modification, addition, or removal for a user role takes effect only on users who are logged
in with the user role after the change.
If two user-defined rules of the same type conflict, the rule with the higher ID takes effect. For
example, the user role can use the tracert command but not the ping command if the following rules
exist:
{ Rule 1 that permits the ping command.
{ Rule 2 that permits the tracert command.
{ Rule 3 that denies the ping command.
If a predefined user role rule and a user-defined user role rule conflict, the user-defined user role rule
takes effect.
Configuration procedure
To configure rules for a user role:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter user role view.
role name role-name N/A
3. Configure a rule.
Configure a command rule:
rule number { deny | permit }
command command-string
Configure a feature rule:
rule number { deny | permit }
{ execute | read | write } * feature
[ feature-name ]
Configure a feature group rule:
rule number { deny | permit }
{ execute | read | write } *
feature-group feature-group-name
Configure an XML element rule:
rule number { deny | permit }
{ execute | read | write } *
xml-element [ xml-string ]
By default, a user-defined user role
does not have any rules or access to
any commands or XML elements.
Repeat this step to add up to 256
rules to the user role.
IMPORTANT:
When you configure feature rules,
you can specify only features
available in the system. Enter feature
names the same as the feature names
are displayed, including the case.
Configuring feature groups
Use feature groups to bulk assign command access permissions to sets of features. In addition to the
predefined feature groups, you can create up to 64 custom feature groups and assign a feature to
multiple feature groups.
To configure a feature group: