
Rule – Brocade Network OS Command Reference v4.1.0 User Manual


53-1003115-01

rule

A rule defines the permissions applicable to a particular role.

Synopsis

rule index [action {accept | reject}] [operation {read-only | read-write}] role role_name command command_name

no rule index

Operands

index

Specifies a numeric identifier for the rule. Valid values range from 1
through 512.

action accept | reject

Specifies whether the user is accepted or rejected while attempting to
execute the specified command. The default value is accept.

operation read-only | read-write

Specifies the type of operation permitted. The default value is read-write.

role role_name

Specifies the name of the role for which the rule is defined.

command command_name

Specifies the command for which access is defined. Separate commands
with a space. RBAC support is provided only for the following commands
with parameters: copy, clear, interface, and protocol.

Defaults

The default for action is accept. The default for operation is read-write.

Command Modes

Global configuration mode

Description

Use this command to create the Role-Based Access Control (RBAC) permissions associated
with a role. Network OS uses RBAC as the authorization mechanism. Every user account must be
associated with exactly one role. Permissions cannot be assigned directly to user accounts;
they can only be acquired through the associated role.

Usage Guidelines

When you create a rule, the role, index, and command operands are mandatory and the action
and operation operands are optional. The maximum number of rules is 512.

When you modify a rule, all operands except index are optional.

Enter no rule index to remove the specified rule.

Examples

To create a rule allowing the NetworkSecurityAdmin role to create user accounts:

switch(config)# rule 150 action accept operation read-write role NetworkSecurityAdmin command config

switch(config)# rule 155 action accept operation read-write role NetworkSecurityAdmin command username

To delete a rule:

switch(config)# no rule 155
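
Because action and operation default to accept and read-write, a rule entered without them grants write access implicitly. The following audit script is an added example, not part of the Brocade manual: it parses rule lines against the Synopsis grammar and flags implicit read-write grants, accept/reject overlaps for the same role and command, and out-of-range indexes. It assumes the saved configuration lists one rule per line in the Synopsis syntax; the Auditor role and rules 160, 161 and 600 are hypothetical.

```python
import re

# Grammar from the Synopsis: index, role and command mandatory; action/operation optional.
RULE_RE = re.compile(
    r"^rule\s+(?P<index>\d+)"
    r"(?:\s+action\s+(?P<action>accept|reject))?"
    r"(?:\s+operation\s+(?P<operation>read-only|read-write))?"
    r"\s+role\s+(?P<role>\S+)\s+command\s+(?P<command>.+?)\s*$")

def parse_rule(line):
    """Parse one rule line into a dict, applying the documented defaults."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"malformed rule: {line.strip()!r}")
    r = m.groupdict()
    r["index"] = int(r["index"])
    r["defaulted"] = [k for k in ("action", "operation") if r[k] is None]
    r["action"] = r["action"] or "accept"            # default per the manual
    r["operation"] = r["operation"] or "read-write"  # default per the manual
    if not 1 <= r["index"] <= 512:
        raise ValueError(f"rule {r['index']}: index outside 1-512")
    return r

def audit(config_text):
    """Return (rules, findings) for every rule line in a configuration dump."""
    rules, findings, first_seen = [], [], {}
    for line in config_text.splitlines():
        if not line.strip().startswith("rule "):
            continue
        try:
            r = parse_rule(line)
        except ValueError as err:
            findings.append(str(err))
            continue
        rules.append(r)
        if r["action"] == "accept" and "operation" in r["defaulted"]:
            findings.append(f"rule {r['index']}: read-write granted by default")
        prev = first_seen.setdefault((r["role"], r["command"]), r)
        if prev["action"] != r["action"]:
            findings.append(f"rules {prev['index']} and {r['index']}: accept and reject overlap")
    return rules, findings

# Constructed input: rule 150 is the manual's example; the other rules are hypothetical.
SAMPLE = """rule 150 action accept operation read-write role NetworkSecurityAdmin command config
rule 160 role Auditor command interface
rule 161 action reject role Auditor command interface
rule 600 role Auditor command copy"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)[1]))
```

The overlap finding only marks the pair for review; this page does not state how Network OS resolves two rules for the same role and command.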

See Also

role name, show running-config role, show running-config rule