59
Step Command Remarks
• Configure an XML element rule:
rule number { deny | permit }
{ execute | read | write } *
xml-element [ xml-string ]
• Configure an OID rule:
rule number { deny | permit }
{ execute | read | write } * oid
[ oid-string ]
feature names the same as the
feature names are displayed,
including the case.
Configuring feature groups
Use feature groups to bulk assign command access permissions to sets of features. In addition to
the predefined feature groups, you can create a maximum of 64 custom feature groups and assign a
feature to multiple feature groups.
To configure a feature group:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Create a feature group
and enter feature
group view.
role feature-group name
feature-group-name
By default, the system has the following
predefined feature groups:
• L2—Includes all Layer 2 commands.
• L3—Includes all Layer 3 commands.
These two groups are not user
configurable.
3. Add a feature to the
feature group.
feature
feature-name
By default, a feature group does not have
any features.
IMPORTANT:
You can specify only features available in
the system. Enter feature names the same
as the feature names are displayed,
including the case.
Configuring resource access policies
Every user role has one interface policy and VLAN policy. By default, these policies permit a user
role to access any interface and VLAN. You can configure the policies of a user-defined user role or
a predefined level-n user role to limit its access to interfaces and VLANs. The policy configuration
takes effect only on users who are logged in with the user role after the configuration.
Configuring the interface policy of a user role
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enter user role view.
role name
role-name
N/A
3. Enter user role interface
policy view.
interface policy deny
By default, the interface policy of the
user role permits access to all
interfaces.
To Next Page
Loading...
Need help?
General