
Adding a rule, Changing a rule, Deleting a rule – Brocade Network OS Administrator’s Guide v4.1.1 User Manual

Page 275: Adding a rule changing a rule deleting a rule


Adding a rule

You add a rule to a role by entering the rule command with the appropriate options. Updates to the
authorization rules do not apply to users' active sessions. The changes take effect only after
users log out of the current session and log in to a new session.

The following example creates the rules that authorize the security administrator role to create and
manage user accounts:

1. In privileged EXEC mode, use the configure terminal command to enter global configuration mode.

switch# configure terminal

Entering configuration mode terminal

2. Create a rule specifying read-write access to the global configuration mode.

switch(config)# rule 150 action accept operation read-write role SecAdminUser command config

3. Create a second rule specifying read-write access to the username command. Enter the rule command with the specified parameters.

switch(config)# rule 155 action accept operation read-write role SecAdminUser command username

4. After creating the rules, the user of the SecAdminUser account can log in to the switch and create or modify the user accounts by using the username command.

switch login: SecAdminUser

Password:******

Welcome to the ConfD CLI

SecAdminUser connected from 127.0.0.1 using console on switch

switch# configure terminal

Entering configuration mode terminal

Current configuration users:

admin console (cli from 127.0.0.1) on since 2010-08-16 18:35:05 terminal mode

switch(config)# username testuser role user password (): ********

Changing a rule

The following example changes the previously created rule (index number 155) so that the command
username is replaced by role.

1. In privileged EXEC mode, use the configure terminal command to enter global configuration mode.

switch# configure terminal

Entering configuration mode terminal

2. Enter the rule command, specifying an existing rule (index 155) and changing the command attribute to the role command.

switch(config)# rule 155 command role

After changing rule 155, SecAdminUser can log in to the switch and execute the role command, but
not the username command.

switch# login SecAdminUser

switch# Password: ***********

Welcome to the ConfD CLI

SecAdminUser connected from 127.0.0.1 using console on sw0

switch# configure terminal

Entering configuration mode terminal

Current configuration users:

admin console (cli from 127.0.0.1) on since 2010-08-16 18:35:05 terminal mode

switch(config)# role name NetworkAdmin

Deleting a rule

1. In privileged EXEC mode, use the configure terminal command to enter global configuration mode.

switch# configure terminal

Entering configuration mode terminal

2. Enter the no rule command followed by the index number of the rule you wish to delete.

switch(config)# no rule 155
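
The add, change and delete steps above can be replayed offline to check which rules still grant account or role administration after each step. The following Python sketch is an added example, not part of the Brocade guide; the function names and the SENSITIVE set are assumptions, and the input lines are copied from the commands shown on this page.

```python
# Keywords taken from the rule commands shown on this page.
KEYS = ("action", "operation", "role", "command")
# Assumption: commands an auditor treats as account or role administration.
SENSITIVE = {"username", "role"}

# Input lines copied from the three procedures on this page.
ADD = [
    "switch(config)# rule 150 action accept operation read-write role SecAdminUser command config",
    "switch(config)# rule 155 action accept operation read-write role SecAdminUser command username",
]
CHANGE = ["switch(config)# rule 155 command role"]
DELETE = ["switch(config)# no rule 155"]

def apply_config(lines):
    """Replay 'rule' and 'no rule' lines in order; return {index: attributes}."""
    rules = {}
    for line in lines:
        tok = line.split("#", 1)[-1].split()      # drop the 'switch(config)#' prompt
        if tok[:2] == ["no", "rule"]:
            rules.pop(int(tok[2]), None)          # 'no rule <index>' deletes the rule
        elif tok[:1] == ["rule"]:
            attrs = rules.setdefault(int(tok[1]), {})
            rest = tok[2:]
            if len(rest) % 2:
                raise ValueError(f"keyword without a value: {line!r}")
            for key, value in zip(rest[::2], rest[1::2]):
                if key not in KEYS:
                    raise ValueError(f"unknown keyword {key!r}")
                attrs[key] = value                # existing index: only named attributes change
    return rules

def sensitive_grants(rules):
    """Return sorted (index, role, command) for read-write accept rules on SENSITIVE commands."""
    return sorted(
        (idx, r.get("role"), r.get("command"))
        for idx, r in rules.items()
        if r.get("action") == "accept"
        and r.get("operation") == "read-write"
        and r.get("command") in SENSITIVE
    )

if __name__ == "__main__":
    for label, lines in (("add", ADD), ("change", ADD + CHANGE), ("delete", ADD + CHANGE + DELETE)):
        print(label, sensitive_grants(apply_config(lines)))
```

Because rule updates reach a user only at the next login, the result describes what new sessions are authorized to do, not sessions that were already open when the rule changed.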


53-1003225-04