Modifying an authorization policy, Deleting an authorization policy – H3C Technologies H3C Intelligent Management Center User Manual
Page 63
54
d.
Select an option from the Authorization Command Set list. The authorization command set
includes all authorized commands for the user to execute after login. Options are:
−
Unlimited—Allows the user to execute any command.
−
Forbid—Prohibits the user from executing any command.
e.
Click OK.
f.
Repeat the previous steps to add more authorization rules..
You cannot add two authorization rules with the same device area, device type, and
authorized time range.
g.
Adjust the priorities for the authorization rules:
−
Move Up—Click the Move Up icon for an authorization rule to increase its priority.
−
Move Down—Click the Move Down icon for an authorization rule to reduce its priority.
If a device user matches multiple conditions, TAM applies the shell profile and command set
defined in the condition that has the highest priority to the user.
h.
To modify an authorization rule, click the Modify icon
for the rule.
i.
To delete an authorization rule, click the Delete icon for the rule.
7.
Click OK.
Modifying an authorization policy
Modifying an authorization policy does not affect the shell profile of the condition that an online device
user matches, but affects the command set to apply.
•
If the command set of the condition is changed, the new command set applies to the online device
user.
•
If the condition that the online device user matches is changed, the command set of the new
condition applies to the user.
To modify an authorization policy:
1.
Click the User tab.
2.
On the navigation tree, select Device User Policy > Authorization Policies.
The authorization policy list displays all authorization policies.
3.
Click the Modify icon
for the authorization policy you want to modify.
The Modify Authorization Policy page appears.
You can modify all parameters except Device Area, Device Type, and Authorized Time Range. For
more information about modifying an authorization policy, see "
Adding an authorization policy
."
4.
Click OK.
Deleting an authorization policy
You cannot delete an authorization policy that is being used by a device user, device user group, or an
LDAP synchronization policy.
To delete an authorization policy:
1.
Click the User tab.