Adding a rule, Changing a rule, Deleting a rule – Brocade Network OS Administrator’s Guide v4.1.1 User Manual

Adding a rule
You add a rule to a role by entering the rule command with the appropriate options. Updates to the
authorization rules do not apply to users' active sessions. The changes take effect only when
users log out of the current session and log in to a new session.
The following example creates the rules that authorize the security administrator role to create and
manage user accounts:
1. In privileged EXEC mode, use the configure terminal command to enter global configuration mode.
switch# configure terminal
Entering configuration mode terminal
2. Create a rule specifying read-write access to the global configuration mode.
switch(config)# rule 150 action accept operation read-write role SecAdminUser command config
3. Create a second rule specifying read-write access to the username command. Enter the rule
command with the specified parameters.
switch(config)# rule 155 action accept operation read-write role SecAdminUser command username
4. After creating the rules, the user of the SecAdminUser account can log in to the switch and create or
modify the user accounts by using the username command.
switch login: SecAdminUser
Password:******
Welcome to the ConfD CLI
SecAdminUser connected from 127.0.0.1 using console on switch
switch# configure terminal
Entering configuration mode terminal
Current configuration users:
admin console (cli from 127.0.0.1) on since 2010-08-16 18:35:05 terminal mode
switch(config)# username testuser role user password (

Changing a rule
The following example changes the previously created rule (index number 155) so that the command
username is replaced by role.
1. In privileged EXEC mode, use the configure terminal command to enter global configuration mode.
switch# configure terminal
Entering configuration mode terminal
2. Enter the rule command, specifying an existing rule (index 155) and changing the command
attribute to the role command.
switch(config)# rule 155 command role
After rule 155 is changed, SecAdminUser can log in to the switch and execute the role command, but
not the username command.
switch# login SecAdminUser
switch# Password: ***********
Welcome to the ConfD CLI
SecAdminUser connected from 127.0.0.1 using console on sw0
switch# configure terminal
Entering configuration mode terminal
Current configuration users:
admin console (cli from 127.0.0.1) on since 2010-08-16 18:35:05 terminal mode
switch(config)# role name NetworkAdmin

Deleting a rule
1. In privileged EXEC mode, use the configure terminal command to enter global configuration mode.
switch# configure terminal
Entering configuration mode terminal
2. Enter the no rule command followed by the index number of the rule you wish to delete.
switch(config)# no rule 155
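
The three procedures above, replayed offline as an added example (not code from the Brocade guide): this Python sketch applies rule and no rule lines in order and lists which roles end up with read-write access to the commands this page grants. It assumes only the rule syntax shown on this page; the SENSITIVE set and the function names are constructed for illustration.

```python
import re

ATTRS = ("action", "operation", "role", "command")
# Constructed review list (assumption): the commands this page grants.
SENSITIVE = {"config", "username", "role"}

def parse_attrs(tokens):
    """Turn ['action', 'accept', ...] into a dict; 'command' takes the rest."""
    attrs, i = {}, 0
    while i < len(tokens):
        key = tokens[i]
        if key not in ATTRS or i + 1 >= len(tokens):
            raise ValueError(f"unrecognized rule syntax near {key!r}")
        if key == "command":
            attrs[key] = " ".join(tokens[i + 1:])
            break
        attrs[key] = tokens[i + 1]
        i += 2
    return attrs

def replay(lines):
    """Apply rule / no rule lines in order; return {index: attributes}."""
    rules = {}
    for raw in lines:
        tokens = re.sub(r"^\S+\(config\)#\s*", "", raw.strip()).split()
        if tokens[:2] == ["no", "rule"] and len(tokens) == 3:
            rules.pop(int(tokens[2]), None)  # delete by index
        elif tokens[:1] == ["rule"] and len(tokens) >= 4:
            # A new index creates a rule; an existing index updates only the
            # attributes named on the line (as in "rule 155 command role").
            rules.setdefault(int(tokens[1]), {}).update(parse_attrs(tokens[2:]))
    return rules

def sensitive_grants(rules):
    """List (index, role, command) for read-write accepts on SENSITIVE."""
    return sorted(
        (idx, r.get("role"), r.get("command"))
        for idx, r in rules.items()
        if r.get("action") == "accept" and r.get("operation") == "read-write"
        and r.get("command") in SENSITIVE
    )

# Command lines taken from the three procedures on this page.
PAGE_LINES = [
    "switch(config)# rule 150 action accept operation read-write role SecAdminUser command config",
    "switch(config)# rule 155 action accept operation read-write role SecAdminUser command username",
    "switch(config)# rule 155 command role",
    "switch(config)# no rule 155",
]
```

Calling sensitive_grants(replay(PAGE_LINES[:n])) for n = 2, 3 and 4 shows the grant set after the add, change and delete steps respectively.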
Network OS Administrator’s Guide
53-1003225-04