H3C Technologies H3C Intelligent Management Center User Manual

Page 62


in to any device and executing any command. Operators cannot delete the rule, but they can modify the settings.
To modify the predefined authorization rule:

a. In the Access Authorization Info area, click the Modify icon for the predefined authorization rule.
The Modify Access Authorization window appears.

b. Modify the following parameters for the rule:

Shell Profile—Controls login behaviors of the device user who matches the rule. Options are:

Deny—The device denies user logins.

Default Device Configuration—The device applies the default settings configured at the CLI to the user, including the ACL, commands for automatic execution, authorization level, user-defined attributes, idle time, and session lifetime.

Authorization Command Set—The command set includes all authorized commands that the user can execute after login. Options are:

Unlimited—Allows the user to execute any command.

Forbid—Prohibits the user from executing any command.

The Device Area, Device Type, and Authorized Time Range fields cannot be modified.

c. Click OK.

6. Configure user-defined authorization rules for the authorization policy:

a. In the Access Authorization Info area, click Add.
The Add Access Authorization window appears.

b. Define the condition by setting the device area, device type, and authorized time range.
A device user matches the condition only when the user logs in to a device of the specified device type in the specified device area within the authorized time range.

Click the Select Device Area icon next to the Device Area field, select a device area or Unlimited, and then click OK.

The device area specifies the range of devices to be matched in the condition.
If you select Unlimited, any device area matches the condition.

Click the Select Device Type icon next to the Device Type field, select a device type or Unlimited, and then click OK.

The device type specifies the type of devices to be matched in the condition.
If you select Unlimited, any device type matches the condition.

Click the Delete icon to clear your selection.

From the Authorized Time Range list, select an authorized time range or Unlimited.

This parameter specifies the login time range to be matched in the condition.
If you select Unlimited, any time range matches the condition.

c. Select an option from the Shell Profile list. The shell profile controls login behaviors of device users who match the rule. Options are:

Deny—The device denies user login.

Default Device Configuration—The device applies the default settings configured at the CLI to the user, including the ACL, commands for automatic execution, authorization level, user-defined attributes, idle time, and session lifetime.
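
As an added example (not part of the H3C manual and not IMC code), the following Python code models the rule condition described above, where device area, device type, and authorized time range must all match and Unlimited matches anything, and lists rules that pair a fully Unlimited condition with the Unlimited command set. The rule dictionaries, their field names, the sample values, and the start/end representation of a time range (including ranges that wrap past midnight) are assumptions constructed for illustration, not an IMC export format.

```python
from datetime import time

UNLIMITED = "Unlimited"

def field_matches(rule_value, actual):
    """Unlimited acts as a wildcard; any other value must be equal."""
    return rule_value == UNLIMITED or rule_value == actual

def time_matches(rule_range, login_time):
    """rule_range is Unlimited or an assumed (start, end) pair of datetime.time."""
    if rule_range == UNLIMITED:
        return True
    start, end = rule_range
    if start <= end:
        return start <= login_time <= end
    return login_time >= start or login_time <= end  # range wraps past midnight

def rule_matches(rule, login):
    """A login matches only when all three parts of the condition match."""
    return (field_matches(rule["device_area"], login["device_area"])
            and field_matches(rule["device_type"], login["device_type"])
            and time_matches(rule["time_range"], login["time"]))

def overly_broad(rules):
    """Names of rules that let any matching login run any command anywhere."""
    condition = ("device_area", "device_type", "time_range")
    return [r["name"] for r in rules
            if r["shell_profile"] != "Deny"
            and r["command_set"] == UNLIMITED
            and all(r[k] == UNLIMITED for k in condition)]

# Constructed sample rules (hypothetical names and values, not exported from IMC)
RULES = [
    {"name": "predefined", "device_area": UNLIMITED, "device_type": UNLIMITED,
     "time_range": UNLIMITED, "shell_profile": "Default Device Configuration",
     "command_set": UNLIMITED},
    {"name": "core-night", "device_area": "Core", "device_type": "Router",
     "time_range": (time(22, 0), time(6, 0)),
     "shell_profile": "Default Device Configuration", "command_set": UNLIMITED},
]

if __name__ == "__main__":
    login = {"device_area": "Core", "device_type": "Router", "time": time(23, 30)}
    print([r["name"] for r in RULES if rule_matches(r, login)])
    print(overly_broad(RULES))
```
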