Cisco MDS 9000 Family Troubleshooting Guide, Release 3.x
OL-9285-05
Chapter 18 Troubleshooting Users and Roles
Overview
Rules and Features for Each Role
Up to 16 rules can be configured for each role. The user-specified rule number determines the order in
which the rules are applied. For example, rule 1 is applied before rule 2, which is applied before rule 3,
and so on. A user not belonging to the network-admin role cannot perform commands related to roles.
For example, if user A is permitted to perform all show commands, user A cannot view the output of the
show role command if user A does not belong to the network-admin role.
The rule command specifies operations that can be performed by a specific role. Each rule consists of a
rule number, a rule type (permit or deny), a command type (for example, config, clear, show, exec,
debug), and an optional feature name (for example, FSPF, zone, VSAN, fcping, or interface).
Note In this case, exec commands refer to all commands in the EXEC mode that do not fall in the show,
debug, and clear categories.
The order of rule placement is important. For example, suppose the first rule permits user access to all
config commands, and the next rule denies FSPF configuration to the user. As a result, the user can
perform all config commands except FSPF configuration commands.
Note If you swapped these two rules, issuing the deny config feature fspf rule first and the permit
config rule next, you would be allowing the user to perform all configuration commands because the
second rule would globally override the first rule.
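The following added example (not part of the original guide and not Cisco code) is a simplified Python model of the ordering behavior described above, with a check that flags rules overridden by a later, broader rule. The Rule type, the function names, and the deny result for a command that matches no rule are assumptions made for illustration.

```python
from typing import NamedTuple, Optional

MAX_RULES = 16  # per-role limit stated in this guide

class Rule(NamedTuple):
    number: int                    # user-specified; sets the order of application
    action: str                    # "permit" or "deny"
    cmd_type: str                  # config, clear, show, exec, debug
    feature: Optional[str] = None  # None means every feature of cmd_type

def ordered(rules):
    """Validate the rule set and return it sorted by rule number."""
    if len(rules) > MAX_RULES:
        raise ValueError("a role can hold at most 16 rules")
    if len({r.number for r in rules}) != len(rules):
        raise ValueError("duplicate rule number")
    return sorted(rules, key=lambda r: r.number)

def is_permitted(rules, cmd_type, feature):
    """Last matching rule decides. Assumption: no matching rule means deny."""
    decision = False
    for r in ordered(rules):
        if r.cmd_type == cmd_type and r.feature in (None, feature):
            decision = r.action == "permit"
    return decision

def shadowed_rules(rules):
    """Return (earlier, later) pairs where the later rule covers everything
    the earlier rule matches, so the earlier rule never takes effect."""
    seq = ordered(rules)
    pairs = []
    for i, early in enumerate(seq):
        for later in seq[i + 1:]:
            if later.cmd_type == early.cmd_type and later.feature in (None, early.feature):
                pairs.append((early, later))
                break
    return pairs

# Constructed sample rule sets: the order described above, then the swapped order.
INTENDED = [Rule(1, "permit", "config"), Rule(2, "deny", "config", "fspf")]
SWAPPED = [Rule(1, "deny", "config", "fspf"), Rule(2, "permit", "config")]

if __name__ == "__main__":
    for name, rules in (("intended", INTENDED), ("swapped", SWAPPED)):
        print(name, "config fspf permitted:", is_permitted(rules, "config", "fspf"))
        for early, later in shadowed_rules(rules):
            print(f"  rule {early.number} is overridden by rule {later.number}")
```

Running the check against a role's rule list before applying it shows whether a narrow deny has been placed ahead of a broader permit.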