
Adding a rule – Brocade Network OS NETCONF Operations Guide v4.1.1 User Manual


Network OS NETCONF Operations Guide, 53-1003231-02, page 184

Command access rules

The following exception applies. When a match is found for a rule with the read-only operation and
the accept action, the system checks whether there are any rules with the read-write operation and
the accept action. If such rules are found, the rule with the read-write permission is applied.

Adding a rule

When you add a rule to a role, any updates to the authorization rules will not apply to the active
sessions of the users. The changes will be applied only when users log out from the current session
and log in to a new session.

To add a rule, perform the following steps.

1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-aaa namespace.

2. Under the node, include the following leaf elements.

a. In the element, specify a numeric value that uniquely identifies the rule.

b. In the element, specify “accept” or “reject”.

c. In the element, specify “read-write” or “read-only”.

d. In the element, specify the role to which you want to add the rule.

3. Under the node, include the node element.

4. Under the node, include elements that define the command to be applied in the rule.

The following example creates the rules that authorize the security administrator role to create and
manage user accounts. After creating these rules, the user of the SecAdminUser account can log in
to the switch and create or modify the user accounts with the username command.

The values of the two example rules, in the order of steps 2a through 2d and step 4:

Rule identifier | Action | Operation | Role         | Command
150             | accept | read-write | SecAdminUser | config
155             | accept | read-write | SecAdminUser | username
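The read-only/read-write exception described at the top of this page, and the caveat that rule changes do not reach sessions that are already logged in, as an added Python example that is not part of the manual or of Network OS: it models a rule with the fields from steps 2a through 2d and step 4, loads the manual's example rules 150 and 155, and adds an assumed read-only rule 100 so the exception has something to act on. The index-ordered evaluation and the prefix match on command words are assumptions; the manual does not say how the switch orders or matches rules.

```python
from dataclasses import dataclass
from typing import Iterable, List, Optional


@dataclass(frozen=True)
class Rule:
    index: int          # numeric value that uniquely identifies the rule (step 2a)
    action: str         # "accept" or "reject" (step 2b)
    operation: str      # "read-write" or "read-only" (step 2c)
    role: str           # role the rule belongs to (step 2d)
    command: str        # command the rule governs, e.g. "config" or "username" (step 4)


def matches(rule: Rule, role: str, command: str) -> bool:
    """Assumed matching: same role, and the rule's command words are a prefix of the typed command."""
    if rule.role != role:
        return False
    want = rule.command.split()
    got = command.split()
    return got[: len(want)] == want


def evaluate(rules: Iterable[Rule], role: str, command: str) -> Optional[Rule]:
    """Return the rule that decides `command` for `role`, or None when no rule matches.

    Rules are consulted in index order (an assumption). The exception from the manual:
    when the first match is read-only/accept, a matching read-write/accept rule wins instead.
    """
    ordered = sorted(rules, key=lambda r: r.index)
    hits = [r for r in ordered if matches(r, role, command)]
    if not hits:
        return None
    first = hits[0]
    if first.operation == "read-only" and first.action == "accept":
        for candidate in hits:
            if candidate.operation == "read-write" and candidate.action == "accept":
                return candidate
    return first


def is_authorized(rules: Iterable[Rule], role: str, command: str) -> bool:
    """True only when the deciding rule exists and its action is accept."""
    decided = evaluate(rules, role, command)
    return decided is not None and decided.action == "accept"


class Session:
    """A login session snapshots the rule set at login; rule changes made afterwards
    do not reach it until the user logs out and logs in again (behaviour stated on the page)."""

    def __init__(self, role: str, rules: Iterable[Rule]) -> None:
        self.role = role
        self._rules = tuple(rules)  # frozen copy taken at login

    def decide(self, command: str) -> Optional[Rule]:
        return evaluate(self._rules, self.role, command)


# Constructed sample rule set: rules 150 and 155 are the manual's example;
# rule 100 is assumed here to exercise the read-only/read-write exception.
RULES: List[Rule] = [
    Rule(100, "accept", "read-only", "SecAdminUser", "username"),
    Rule(150, "accept", "read-write", "SecAdminUser", "config"),
    Rule(155, "accept", "read-write", "SecAdminUser", "username"),
]

if __name__ == "__main__":
    for cmd in ("config", "username alice password secret", "show version"):
        decided = evaluate(RULES, "SecAdminUser", cmd)
        print(f"{cmd!r}: {'rule %d' % decided.index if decided else 'no match'}")
```

Auditing a role with `evaluate` is the practical use: a read-only accept rule does not bound the role to reading when a read-write accept rule for the same command exists, and a session opened before a rule was tightened keeps the old rule set until it ends.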