System Management Guide Security
Edition: 01 3HE 11018 AAAC TQZZA 125
For example, if a user is a member of two profiles and the default action of the first
profile is permit-all, then the second profile will never be evaluated because
permit-all is executed first. If the first profile default action is set to none and if no
match conditions are met in the first profile, then the second profile will be evaluated.
If the default action of the last profile is none and no explicit match is found, then the
default-action deny-all takes effect.
entry
Syntax [no] entry entry-id
Context config>system>security>profile
Description This command is used to create a user profile entry.
More than one entry can be created with unique entry-id numbers. The 7705 SAR exits when
the first match is found and executes the actions according to the accompanying action
command. Entries should be sequenced from most explicit to least explicit.
An entry does not need to have any match criteria defined (in which case, everything matches),
but it must have at least the action keyword to be considered complete.
The no form of the command removes the specified entry from the user profile.
Default no entry IDs are defined
Parameters entry-id — an entry ID uniquely identifies a user profile command match criteria and a
corresponding action. If more than one entry is configured, the entry-ids should be
numbered in staggered increments to allow users to insert a new entry without
requiring renumbering of the existing entries.
Values 1 to 9999
action
Syntax action {deny | permit}
Context config>system>security>profile>entry
Description This command configures the action associated with the profile entry.
Parameters deny — specifies that commands matching the entry command match criteria will be
denied
permit — specifies that commands matching the entry command match criteria will be
permitted
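The evaluation order described above (entries checked in entry-id order with first match winning, then the profile default action, then the next profile, and finally deny-all) can be modelled as follows. This is an added example, not Nokia code: the prefix-based matching, the profile names and the command strings are constructed assumptions, and the shadowed() helper is a hypothetical audit check for entries that are not sequenced from most explicit to least explicit.

```python
from dataclasses import dataclass, field

@dataclass
class Entry:
    entry_id: int      # 1 to 9999
    action: str        # "permit" or "deny"
    match: str = ""    # no match criteria defined: everything matches

@dataclass
class Profile:
    name: str
    default_action: str = "none"   # "permit-all", "deny-all" or "none"
    entries: list = field(default_factory=list)

def matches(entry, command):
    # Assumption: match criteria are modelled as a command-string prefix.
    return command.startswith(entry.match)

def authorize(profiles, command):
    """Return (decision, reason) for a command, evaluating profiles in order."""
    for p in profiles:
        for e in sorted(p.entries, key=lambda e: e.entry_id):
            if matches(e, command):          # exit on the first match
                return e.action, f"{p.name} entry {e.entry_id}"
        if p.default_action != "none":       # permit-all / deny-all ends evaluation
            return p.default_action.split("-")[0], f"{p.name} default-action"
    return "deny", "implicit deny-all"       # last profile was none, no match

def shadowed(profile):
    """Entry IDs that can never match because an earlier, broader entry wins."""
    ordered = sorted(profile.entries, key=lambda e: e.entry_id)
    return [later.entry_id for i, later in enumerate(ordered)
            if any(later.match.startswith(e.match) for e in ordered[:i])]

# Constructed sample profiles (names and command strings are illustrative).
OPS = Profile("ops", "none", [
    Entry(10, "deny", "configure system security"),   # most explicit first
    Entry(20, "permit", "configure"),
])
READONLY = Profile("readonly", "none", [Entry(10, "permit", "show")])
WIDE = Profile("wide", "permit-all")
MISORDERED = Profile("misordered", "none", [
    Entry(10, "permit", "configure"),                 # broad permit first
    Entry(20, "deny", "configure system security"),   # never reached
])

if __name__ == "__main__":
    for cmd in ("configure system security profile x", "show router", "admin reboot"):
        print(cmd, "->", authorize([OPS, READONLY], cmd))
    print("shadowed entries in misordered:", shadowed(MISORDERED))
```
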