action {deny | permit}
config>system>security>profile user-profile-name>entry
Supported on all 7210 SAS platforms as described in this document
This command configures the action associated with the profile entry.
Specifies that commands matching the entry command match criteria are to be denied.
Specifies that commands matching the entry command match criteria are permitted.
match command-string
no match
config>system>security>profile user-profile-name>entry
Supported on all 7210 SAS platforms as described in this document
This command configures a command or command subtree.
Because the 7210 SAS exits when the first match is found, subordinate levels cannot be modified with subsequent action commands. More specific action commands should be entered with a lower entry number or in a profile that is evaluated before this profile.
All commands below the hierarchy level of the matched command are denied.
The no form of this command removes a match condition.
Specifies the CLI command or CLI tree level that is the scope of the profile entry.
copy {user source-user | profile source-profile} to destination [overwrite]
config>system>security
Supported on all 7210 SAS platforms as described in this document
This command copies a profile or user from a source profile to a destination profile.
Specifies the profile to copy, up to 32 characters. The profile must exist.
Specifies the destination profile, up to 32 characters.
Specifies that the destination profile configuration is overwritten with the copied source profile configuration. A profile is not overwritten if the overwrite keyword is not specified.
default-action {deny-all | permit-all | none}
config>system>security>profile
Supported on all 7210 SAS platforms as described in this document
This command specifies the default action to be applied when no match conditions are met.
Sets the default of the profile to deny access to all commands.
Sets the default of the profile to allow access to all commands.
This keyword does not change access to security commands. Security commands are only and always available to members of the super-user profile.
Sets the default of the profile to no-action. This option is useful to assign multiple profiles to a user.
For example, if a user is a member of two profiles and the default action of the first profile is permit-all, the second profile is never evaluated because the permit-all is executed first. Set the first profile default action to none and if no match conditions are met in the first profile, the second profile is evaluated. If the default action of the last profile is none and no explicit match is found, the default deny-all takes effect.
description description-string
no description
config>system>security>profile user-profile-name>entry
Supported on all 7210 SAS platforms as described in this document
This command configures a text description stored in the configuration file for a configuration context.
The description command associates a text string with a configuration context to help identify the context in the configuration file.
The no form of this command removes the string from the context.
Specifies the description character string. Allowed values are any string up to 80 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.
[no] entry entry-id
config>system>security>profile
Supported on all 7210 SAS platforms as described in this document
This command creates a user profile entry.
More than one entry can be created with unique entry-id numbers. The 7210 SAS exits when the first match is found and executes the actions according to the accompanying action command. Entries should be sequenced from most explicit to least explicit.
An entry may not have any match criteria defined (in which case, everything matches) but must have at least the keyword action for it to be considered complete.
The no form of this command removes the specified entry from the user profile.
Specifies a unique user profile command match criteria and a corresponding action. If more than one entry is configured, the entry IDs should be numbered in staggered increments to allow users to insert a new entry without requiring renumbering of the existing entries.
[no] profile user-profile-name
config>system>security
Supported on all 7210 SAS platforms as described in this document
This command creates user profiles for CLI command tree permissions.
Profiles are used to either deny or allow user console access to a hierarchical branch or to specific commands.
After the profiles are created, the users command assigns users to one or more profiles. You can define up to 16 user profiles, but a maximum of 8 profiles can be assigned to a user. The user-profile-name can consist of up to 32 alphanumeric characters.
The no form of this command deletes a user profile.
user-profile default
Specifies the user profile name entered as a character string. The string is case sensitive and limited to 32 ASCII 7-bit printable characters with no spaces.
renum old-entry-number new-entry-number
config>system>security>profile user-profile-name
Supported on all 7210 SAS platforms as described in this document
This command renumbers profile entries to re-sequence the entries.
Because the 7210 SAS exits when the first match is found and executes the actions according to accompanying action command, re-numbering is useful to rearrange the entries from most explicit to least explicit.
Specifies the entry number of an existing entry.
Specifies the new entry number.