Command access rules, Table 7, Deleting a role – Brocade Network OS NETCONF Operations Guide v4.1.1 User Manual
Network OS NETCONF Operations Guide
53-1003231-02
Deleting a role
To delete a role, perform the following steps.
1. Issue the <edit-config> RPC to configure the <role> node in the urn:brocade.com:mgmt:brocade-aaa namespace.
2. Under the <role> node, include the <name> node element, and include the delete operation in the element tag.
3. Under the <name> node, include the <name> leaf element and specify the name of the role you want to delete.
<?xml version="1.0" encoding="UTF-8"?>
<rpc message-id="809" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <role xmlns="urn:brocade.com:mgmt:brocade-aaa">
        <!-- The operation attribute belongs to the NETCONF base namespace,
             so it is bound to a prefix; the <name> elements themselves
             stay in the brocade-aaa namespace. -->
        <name xmlns:nc="urn:ietf:params:xml:ns:netconf:base:1.0"
              nc:operation="delete">
          <name>VLANAdmin</name>
        </name>
      </role>
    </config>
  </edit-config>
</rpc>

<rpc-reply message-id="809" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <ok/>
</rpc-reply>
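
The following Python code is an added example, not taken from the Brocade guide. It builds the delete-role request from the steps above with a namespace-aware serializer, so the role name is escaped rather than pasted into the XML, and it accepts a reply only when the message-id matches and <ok/> is present. The function names build_delete_role_rpc and reply_is_ok and the nc/aaa prefixes are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"  # NETCONF base namespace (from the page)
AAA = "urn:brocade.com:mgmt:brocade-aaa"        # role namespace (from the page)
ET.register_namespace("nc", NC)    # prefix names are arbitrary choices
ET.register_namespace("aaa", AAA)

# Constructed sample: the success reply shown on the page.
SAMPLE_REPLY = (b'<rpc-reply message-id="809" '
                b'xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><ok/></rpc-reply>')


def build_delete_role_rpc(role_name, message_id="809"):
    """Hypothetical helper: return the <edit-config> RPC that deletes role_name."""
    if not role_name or not role_name.strip():
        raise ValueError("role name must not be empty")
    rpc = ET.Element(f"{{{NC}}}rpc", {"message-id": message_id})
    edit = ET.SubElement(rpc, f"{{{NC}}}edit-config")
    target = ET.SubElement(edit, f"{{{NC}}}target")
    ET.SubElement(target, f"{{{NC}}}running")
    config = ET.SubElement(edit, f"{{{NC}}}config")
    role = ET.SubElement(config, f"{{{AAA}}}role")
    # Only the operation attribute is in the NETCONF namespace; the list
    # entry and its key leaf remain in the brocade-aaa namespace.
    entry = ET.SubElement(role, f"{{{AAA}}}name", {f"{{{NC}}}operation": "delete"})
    # Setting .text makes the serializer escape <, > and & in the role name.
    ET.SubElement(entry, f"{{{AAA}}}name").text = role_name
    return ET.tostring(rpc, encoding="utf-8", xml_declaration=True)


def reply_is_ok(reply_xml, message_id="809"):
    """Hypothetical helper: True only for a matching <rpc-reply> carrying <ok/>."""
    reply = ET.fromstring(reply_xml)
    if reply.tag != f"{{{NC}}}rpc-reply" or reply.get("message-id") != message_id:
        return False
    if reply.find(f".//{{{NC}}}rpc-error") is not None:
        return False
    return reply.find(f"{{{NC}}}ok") is not None


if __name__ == "__main__":
    print(build_delete_role_rpc("VLANAdmin").decode())
    print(reply_is_ok(SAMPLE_REPLY))
```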
Command access rules
Command authorization is defined in terms of an ordered set of rules that are associated with a role. Rules restrict a role to an access mode (read-only or read-write access) and, beyond that, can permit or reject specified command groups or individual commands. You can associate multiple rules with a given user-defined role, but you can associate only one role with any given user account.
To specify a rule, you must specify at least three mandatory attributes: a rule index number, the role to which the rule should apply, and the command that is defined by the rule. Table 7 describes the rule attribute details.
TABLE 7   Rule attributes

Parameter   Description
index       A numeric identifier of the rule in the range between 1 and 512.
role        The name of the role for which the rule is defined.
command     The command for which access is defined.