Configuring local command authorization profiles

Profiles are used to deny or allow access to a hierarchical branch or specific commands.

The following example displays a local command authorization profile called ‟ghost” that is associated with a username ‟userA”:

A:ALA-1>config>system>security# info
----------------------------------------------
...
            profile "ghost"
                default-action permit-all
                entry 1
                    match "configure"
                    action permit
                exit
                entry 2
                    match "configure service vprn <22>"
                    action read-only
                exit
                entry 3
                    match "show"
                exit
                entry 4
                    match "exit"
                exit
            exit
...
----------------------------------------------
A:ALA-1>config>system>security#
A:ALA-1>config>system>security# info
----------------------------------------------
...
    user "userA"
        ...        
        console
            member "ghost"
        exit
...