Any change to a user role interface policy takes effect only on users who log in with the user role after
the change.
Examples
# Enter user role interface policy view of role1, and deny role1 access to all interfaces.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] interface policy deny
[Sysname-role-role1-ifpolicy] quit
# Enter user role interface policy view of role1, and deny role1 access to all interfaces except for
Ten-GigabitEthernet 1/0/1 to Ten-GigabitEthernet 1/0/4.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1] interface policy deny
[Sysname-role-role1-ifpolicy] permit interface ten-gigabitethernet 1/0/1 to ten-gigabitethernet 1/0/4
Related commands
display role
permit interface
role
permit interface
Use permit interface to configure a list of interfaces accessible to a user role.
Use undo permit interface to disable the access of a user role to specific interfaces.
Syntax
permit interface interface-list
undo permit interface [ interface-list ]
Default
No permitted interfaces are configured in user role interface policy view.
Views
User role interface policy view
Predefined user roles
network-admin
Parameters
interface-list: Specifies a space-separated list of up to 10 interface items. Each interface item
specifies one interface in the interface-type interface-number form or a range of interfaces in the
interface-type interface-number to interface-type interface-number form. If you specify an interface
range, the end interface must meet the following requirements:
• Be the same type as the start interface.
• Have a higher interface number than the start interface.
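The interface-list rules above can be checked before a permit interface command is pushed to a device. The following Python validator is an added example, not part of this manual; it assumes interface numbers are slash-separated integers (as in 1/0/1) compared part by part, and that interface types compare case-insensitively.

```python
import re

MAX_ITEMS = 10  # the manual allows up to 10 interface items
NUMBER_RE = re.compile(r"\d+(/\d+)*")  # assumed number form, e.g. 1/0/1


def read_endpoint(tokens, i):
    """Read one 'interface-type interface-number' pair at tokens[i]."""
    if i + 1 >= len(tokens):
        raise ValueError("incomplete interface item at end of list")
    if_type, if_num = tokens[i].lower(), tokens[i + 1]
    if not NUMBER_RE.fullmatch(if_num):
        raise ValueError(f"bad interface number {if_num!r}")
    # Assumption: numbers are ordered by their slash-separated integer parts.
    return if_type, tuple(int(p) for p in if_num.split("/"))


def parse_interface_list(text):
    """Return [(type, start, end), ...] or raise ValueError."""
    tokens, items, i = text.split(), [], 0
    while i < len(tokens):
        if_type, start = read_endpoint(tokens, i)
        i, end = i + 2, start  # a single interface is a range of one
        if i < len(tokens) and tokens[i].lower() == "to":
            end_type, end = read_endpoint(tokens, i + 1)
            i += 3
            if end_type != if_type:
                raise ValueError(f"range mixes {if_type} and {end_type}")
            if end <= start:
                raise ValueError("range end must be higher than its start")
        items.append((if_type, start, end))
    if not items:
        raise ValueError("empty interface-list")
    if len(items) > MAX_ITEMS:
        raise ValueError(f"{len(items)} items, limit is {MAX_ITEMS}")
    return items


def is_valid(text):
    try:
        parse_interface_list(text)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample input in the form used by the manual's example.
    print(parse_interface_list("ten-gigabitethernet 1/0/1 to ten-gigabitethernet 1/0/4"))
```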
Usage guidelines
To permit a user role to access an interface after you configure the interface policy deny command,
you must add the interface to the permitted interface list of the policy. With the user role, you can
perform the following tasks on the interfaces in the permitted interface list: