Configuring a placeholder rule, Rule processing – Brocade Network OS NETCONF Operations Guide v4.1.1 User Manual

53-1003231-02

Command access rules

Refer to the Network OS Administrator’s Guide for details about how rules apply to configuration
commands, operational commands, and interface key-based commands.

Configuring a placeholder rule

A rule created to allow the no-operation command does not enforce any authorization rules.
Instead, you can use this instance as a placeholder for a valid command that is added later, as
shown in the following example.

1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-aaa namespace.

2. Under the node, include the / hierarchy of node elements.

3. Under the node, include the empty element to serve as a placeholder.

75

reject

read-write

NetworkAdmin

no-operation

Rule processing

When a user executes a command, rules are searched in ascending order by index for a match, and
the action of the first matching rule is applied. If none of the rules match, command execution is
blocked. If conflicting permissions exist for a role in different indices, the rule with the lowest index
number is applied.
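
The search order described above, modeled as an added example (not Brocade code and not taken from the guide), together with an audit that lists higher-index rules that can never take effect. It assumes a rule matches on an exact role and command name and that an accepted read-only rule permits reads only; the command name interface and the role auditor are constructed sample values.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    index: int
    role: str
    command: str
    operation: str = "read-write"  # default per the rule attributes table
    action: str = "reject"         # default per the rule attributes table


def first_match(rules: List[Rule], role: str, command: str) -> Optional[Rule]:
    """Search in ascending index order and return the first matching rule."""
    for rule in sorted(rules, key=lambda r: r.index):
        # Assumption: a match is an exact role and command name.
        if rule.role == role and rule.command == command:
            return rule
    return None


def authorize(rules: List[Rule], role: str, command: str, write: bool = False) -> bool:
    rule = first_match(rules, role, command)
    if rule is None or rule.action != "accept":
        return False  # no matching rule, or the first match rejects: blocked
    # Assumption: an accepted read-only rule permits reads but not writes.
    return rule.operation == "read-write" or not write


def shadowed_conflicts(rules: List[Rule]) -> List[Tuple[int, int]]:
    """Pairs (winning index, shadowed index) for the same role and command
    where the higher-index rule grants something different and never applies."""
    winners, conflicts = {}, []
    for rule in sorted(rules, key=lambda r: r.index):
        winner = winners.setdefault((rule.role, rule.command), rule)
        if (winner.action, winner.operation) != (rule.action, rule.operation):
            conflicts.append((winner.index, rule.index))
    return conflicts


# Constructed sample rule set; only the index-75 placeholder values are from the page.
RULES = [
    Rule(75, "NetworkAdmin", "no-operation"),
    Rule(30, "NetworkAdmin", "interface", action="accept"),
    Rule(20, "NetworkAdmin", "interface", operation="read-only", action="accept"),
    Rule(40, "auditor", "interface", operation="read-only", action="accept"),
]
```

Here index 20 wins over index 30 for NetworkAdmin, so the read-write grant at index 30 never applies and the audit reports the pair (20, 30).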

TABLE 7   Rule attributes (Continued)

Parameter   Description

operation   Optional. Defines the general access mode granted by the rule. Access can be read-only or read-write (default).

action      Optional. A modifier restricting the general access mode. The specified access is either accepted (accept) or rejected (reject). The default value is “reject”.