Role Configuration Mode Commands

Role configuration mode commands allow you to define various rules for users who are assigned a role and, optionally, to describe a role definition. Roles determine the privileges that a user has, the commands a user can enter, and the actions that a user can perform in a particular context.

To assign a role and access role configuration mode, enter the role command in configuration mode. The CLI prompt changes to (config-role). For information about the commands in role configuration mode, see the commands in this section. Use the no form of this command to remove the user role assignment.

    role name
    no role name

Syntax Description

name    Identifier associated with a user role. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters.

Configuration mode
Admin and user contexts

The commands in this mode require the context Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

If you do not assign a user role to a new user, the default user role is Network-Monitor. For users that you create in the Admin context, the default scope of access is the entire device. For users that you create in other contexts, the default scope of access is the entire context. If you need to restrict a user's access, you must assign a role-domain pair using the (config) username command.

To assign a role, enter:

    host1/c1(config)# role TECHNICIAN
    host1/c1(config-role)#

To remove the role from the configuration, enter:

    host1/c1(config)# no role TECHNICIAN

(config-role) description

To enter a description for the role, use the description command. Use the no form of this command to remove the role description from the configuration.

    description text
    no description

Syntax Description

text    Description for the role. Enter a description as an unquoted text string with a maximum of 240 alphanumeric characters.

Role configuration mode
Admin and user contexts

This command has no usage guidelines.

This example shows how to provide an additional description about a role:

    host1/c1(config-role)# description DEFINES TECHNICIAN ROLE

To remove the description from the configuration, enter:

    host1/c1(config-role)# no description DEFINES TECHNICIAN ROLE

(config-role) rule

To assign privileges on a per-feature basis to a role, use the rule command. You can limit the features that a user has access to and the commands that the user can enter for that feature by configuring rules for roles. Use the no form of this command to remove the rule from a user role.

    rule number {{permit | deny} {create | debug | modify | monitor} [feature {AAA | access-list | changeto | config-copy | connection | dhcp | exec-commands | fault-tolerant | inspect | interface | loadbalance | nat | pki | probe | real-inservice | routing | rserver | serverfarm | ssl | sticky | syslog | vip}]}
    no rule number

Syntax Description

number          Identifier of the rule and order of precedence. Enter a unique integer from 1 to 16. The rule number determines the order in which the ACE applies the rules, with a higher-numbered rule applied after a lower-numbered rule.
permit          Allows the role to perform the operations defined by the rest of the command keywords.
deny            Disallows the role to perform the operations defined by the rest of the command keywords.
create          Specifies commands for the creation of new objects or the deletion of existing objects (includes modify, debug, and monitor commands).
debug           Specifies commands for debugging problems (includes monitor commands).
modify          Specifies commands for modifying existing configurations (includes debug and monitor commands).
monitor         Specifies commands for monitoring resources and objects (show commands).
feature         (Optional) Specifies a particular ACE feature for which you are configuring this rule. The available features are listed below.
AAA             Specifies commands for authentication, authorization, and accounting.
access-list     Specifies commands for access control lists (ACLs). Includes ACL configuration, class maps for ACLs, and policy maps that contain ACL class maps.
changeto        Specifies the changeto command for user-defined roles. Users retain their privileges when accessing different contexts. By default, this command is disabled for user-defined roles.
config-copy     Specifies commands for copying the running-config to the startup-config, startup-config to the running-config, and copying both config files to the Flash disk (disk0:) or a remote server.
connection      Specifies commands for network connections.
dhcp            Specifies commands for Dynamic Host Configuration Protocol (DHCP).
exec-commands   Specifies the following commands for user-defined roles: capture, debug, delete, gunzip, mkdir, move, rmdir, set, setup, system, tac-pac, untar, write, and undebug. By default, these commands are disabled for user-defined roles.
fault-tolerant  Specifies commands for redundancy.
inspect         Specifies commands for packet inspection used in data-center security.
interface       Specifies all interface commands.
loadbalance     Specifies commands for load balancing (for the ACE appliance, this includes the application acceleration and optimization functions). Allows adding a load-balancing action in a policy map.
nat             Specifies commands for Network Address Translation (NAT) associated with a class map in a policy map used in data-center security.
pki             Specifies commands for Public Key Infrastructures (PKIs).
probe           Specifies commands for keepalives for real servers.
real-inservice  Specifies commands for placing a real server in service.
routing         Specifies all commands for routing, both global and per interface.
rserver         Specifies commands for physical servers.
serverfarm      Specifies commands for server farms.
ssl             Specifies commands for SSL.
sticky          Specifies commands for server persistence.
syslog          Specifies the system logging facility setup commands.
vip             Specifies commands for virtual IP addresses.

Role configuration mode.

A2(1.3)    The changeto and exec-commands options were added to this command.
A3(2.2)    The changeto and exec-commands options were added to this command.

(ACE appliance only) To allow a user with a customized role to work from the ACE Appliance Device Manager, you must configure the role with rules that permit the create operation for the config-copy and exec-commands features.

To configure a rule that allows a role to create and configure real servers, enter:

    host1/c1(config-role)# rule 1 permit create rserver

To remove the rule from a role, enter:

    host1/c1(config-role)# no rule 1 permit create rserver
