49
• Configure an XML element rule:
rule number { deny | permit }
{ execute | read | write
xml-element [ xml-string ]
• Configure an OID rule:
rule number { deny | permit }
{ execute | read | write } * oid
oid-string
feature names the same as the
feature names
including the case.
Configuring feature groups
Use feature groups to bulk assign command access permissions to sets of features. In addition to
the predefined feature groups, you can create a maximum of 64 custom feature groups and assign a
feature to multiple feature groups.
To configure a feature group:
1. Enter system view.
system-view
N/A
2. Create a feature group
group view.
role feature-group name
feature-group-name
By default, the system has the following
predefined feature groups:
• L2—Includes all Layer 2 commands.
• L3—Includes all Layer 3 commands.
These two groups are not user
configurable.
3. Add a feature to the
feature group.
feature
feature-name
By default, a feature group does not have
any features.
IMPORTANT:
You can specify only features available in
the system. Enter feature names the same
as the feature names
including the case.
Configuring resource access policies
Every user role has one interface policy, VLAN policy, and VPN instance policy. By default, these
policies permit user roles to access any interface, VLAN, and VPN. You can configure the policies of
a user-defined user role or a predefined level-n user role to limit its access to interfaces, VLANs, and
VPNs. The policy configuration takes effect only on users who are logged in with the user role after
the configuration.
Configuring the interface policy of a user role
1. Enter system view.
system-view
N/A
2. Enter user role view.
role name
role-name
N/A
3.
Enter user role interface
policy view.
interface policy deny
By default, the interface policy of the
user role permits access to all
To Next Page
Loading...
Need help?
General