Cisco Nexus 5500 Series - Rule

Cisco Nexus 5500 Series NX-OS Security Command Reference
OL-27883-02
Chapter R Commands
rule
To configure rules for a user role, use the rule command. To delete a rule, use the no form of this command.

rule number {deny | permit} {command command-string | {read | read-write} [feature feature-name | feature-group group-name]}

no rule number

Syntax Description

number                      Sequence number for the rule. The switch applies the rule with the highest value first and then the rest in descending order.
deny                        Denies access to commands or features.
permit                      Permits access to commands or features.
command command-string      Specifies a command string. The command string can be a maximum of 128 characters and can contain spaces.
read                        Specifies read access.
read-write                  Specifies read and write access.
feature feature-name        (Optional) Specifies a feature name. Use the show role feature command to list the switch feature names.
feature-group group-name    (Optional) Specifies a feature group.

Command Default
None

Command Modes
User role configuration mode

Command History

Release        Modification
5.2(1)N1(1)    This command was introduced.

Usage Guidelines
You can configure up to 256 rules for each role.

The rule number that you specify determines the order in which the rules are applied. Rules are applied in descending order. For example, if a role has three rules, rule 3 is applied before rule 2, which is applied before rule 1.

Deny rules cannot be added to any privilege roles, except the privilege 0 (priv-0) role.

Examples
This example shows how to add rules to a user role:

switch(config)# role name MyRole
switch(config-role)# rule 1 deny command clear users
switch(config-role)# rule 2 permit read-write feature-group L3
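
An added example, not from the Cisco manual: a Python check that audits a proposed role configuration against the limits stated in the usage guidelines and syntax description (256 rules per role, 128-character command strings, no deny rules in privilege roles other than priv-0) and returns each role's rules in the descending order the switch applies them. The sample configuration is constructed; matching other privilege roles by the name priv-N and reporting a reused rule number as a finding are assumptions of this example.

```python
import re

# Constructed sample of a proposed role configuration (not from the manual).
SAMPLE = """\
role name NetOps
  rule 3 deny command clear users
  rule 2 permit read-write feature-group L3
  rule 1 permit read
role name priv-5
  rule 1 deny command clear users
"""

RULE_RE = re.compile(
    r"^rule (\d+) (deny|permit) "
    r"(?:command (.+)|(read-write|read)(?: (feature|feature-group) (\S+))?)$")
PRIV_RE = re.compile(r"^priv-(\d+)$")  # assumption: privilege roles are named priv-N

def audit(config):
    """Return (roles, findings); roles maps role name -> rules in applied order."""
    roles, findings, role = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("role name "):
            role = line[len("role name "):]
            roles.setdefault(role, [])
            continue
        if role is None or not line.startswith("rule "):
            continue
        m = RULE_RE.match(line)
        if not m:
            findings.append(f"{role}: does not match rule syntax: {line}")
            continue
        num, action, cmd = int(m.group(1)), m.group(2), m.group(3)
        if cmd is not None and len(cmd) > 128:
            findings.append(f"{role}: rule {num} command string exceeds 128 characters")
        priv = PRIV_RE.match(role)
        if action == "deny" and priv and priv.group(1) != "0":
            findings.append(f"{role}: rule {num} is a deny rule in a privilege role")
        if any(n == num for n, _ in roles[role]):  # assumption: treated as a finding
            findings.append(f"{role}: rule number {num} is used more than once")
        roles[role].append((num, line))
    for name, rules in roles.items():
        if len(rules) > 256:
            findings.append(f"{name}: more than 256 rules")
        rules.sort(key=lambda r: r[0], reverse=True)  # highest number is applied first
    return roles, findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```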
