action {deny | permit}
config>system>security>profile>entry
Supported on all 7210 SAS platforms as described in this document, including those configured in the access-uplink operating mode.
This command configures the action associated with the profile entry.
Specifies that commands matching the entry command match criteria are denied.
Specifies that commands matching the entry command match criteria are permitted.
match command-string
no match
config>system>security>profile>entry
Supported on all 7210 SAS platforms as described in this document, including those configured in the access-uplink operating mode.
This command configures a command or command subtree.
Because the system exits when the first match is found, subordinate levels cannot be modified with subsequent action commands. More specific action commands should be entered with a lower entry number or in a profile that is evaluated before this profile.
All commands below the hierarchy level of the matched command are denied.
The no form of this command removes a match condition.
Specifies the CLI command or CLI tree level that is the scope of the profile entry.
copy {user source-user | profile source-profile} to destination [overwrite]
config>system>security
Supported on all 7210 SAS platforms as described in this document, including those configured in the access-uplink operating mode.
This command copies a profile or user from a source profile to a destination profile.
Specifies the user, up to 32 characters, to copy from. The user must already exist.
Specifies the profile, up to 32 characters, to copy from. The profile must already exist.
Specifies the destination profile, up to 32 characters, to which the profile is copied.
Specifies that the destination profile configuration will be overwritten with the copied source profile configuration. A profile will not be overwritten if the overwrite command is not specified.
default-action {deny-all | permit-all | none}
config>system>security>profile
Supported on all 7210 SAS platforms as described in this document, including those configured in the access-uplink operating mode.
This command specifies the default action to be applied when no match conditions are met.
Sets the default of the profile to deny access to all commands.
Sets the default of the profile to permit access to all commands.
The permit-all keyword does not change access to security commands. Security commands are only and always available to members of the super-user profile.
Sets the default of the profile to no-action. This option is useful to assign multiple profiles to a user.
For example, if a user is a member of two profiles and the default action of the first profile is permit-all, the second profile will never be evaluated because the permit-all is executed first. Set the first profile default action to none and if no match conditions are met in the first profile, the second profile will be evaluated. If the default action of the last profile is none and no explicit match is found, the default deny-all takes effect.
description description-string
no description
config>system>security>profile>entry
Supported on all 7210 SAS platforms as described in this document, including those configured in the access-uplink operating mode.
This command creates a text description stored in the configuration file for a configuration context.
The description command associates a text string with a configuration context to help identify the context in the configuration file.
The no form of this command removes the string from the context.
Specifies the description character string. Allowed values are any string up to 80 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.
[no] entry entry-id
config>system>security>profile
Supported on all 7210 SAS platforms as described in this document, including those configured in the access-uplink operating mode.
This command is used to create a user profile entry.
More than one entry can be created with unique entry-id numbers. The 7210 SAS exits when the first match is found and executes the actions according to the accompanying action command. Entries should be sequenced from most explicit to least explicit.
An entry may not have any match criteria defined (in which case, everything matches) but must have at least the keyword action for it to be considered complete.
The no form of this command removes the specified entry from the user profile.
Specifies the entry ID. An entry ID uniquely identifies a user profile command match criteria and a corresponding action. If more than one entry is configured, the entry IDs should be numbered in staggered increments to allow users to insert a new entry without requiring renumbering of the existing entries.
[no] profile user-profile-name
config>system>security
Supported on all 7210 SAS platforms as described in this document, including those configured in the access-uplink operating mode.
This command creates user profiles for CLI command tree permissions.
Profiles are used to either deny or permit user console access to a hierarchical branch or to specific commands.
When the profiles are created, the users command assigns users to one or more profiles. You can define up to 16 user profiles but a maximum of 8 profiles can be assigned to a user. The user-profile-name can consist of up to 32 alphanumeric characters.
The no form of this command deletes a user profile.
user-profile default
Specifies the user profile name entered as a character string. The string is case sensitive and limited to 32 ASCII 7-bit printable characters with no spaces.
renum old-entry-number new-entry-number
config>system>security>profile
Supported on all 7210 SAS platforms as described in this document, including those configured in the access-uplink operating mode.
This command renumbers profile entries to resequence the entries.
Because the 7210 SAS exits when the first match is found and executes the actions according to the accompanying action command, renumbering is useful to rearrange the entries from most explicit to least explicit.
Specifies the entry number of an existing entry.
Specifies the new entry number.