User Guide

OmniAccess SafeGuard OS Administration Guide

238

Chapter 6: Configuring Authentication and Role Derivation

entries to call on the same set of match conditions. An attribute rule set is

comprised of:

— The name of the rule

— (Optional) A description

— (Optional) An operation

— A set of match statements

2 Create the extended white list entry. The white list entry is comprised of:

— The name of the white list entry

— (Optional) A description

— (Optional) An operation

— One or more match statements

— A set command that reflects how to set user name and role values

3 Apply the white list and assign a precedence number

Create an Attribute Rule Set

Choose to place your match statements in an attribute ruleset, place them inline within

the extended white list entry, or a mixture of the two.

1 Create the attribute rule set by assigning a name to the rule.

If you choose to create an attribute rule set, start by naming the attribute rule set.

The name is a text string to identify the rule; the name has no bearing on the

matches it performs. It must be unique within the system.

To assign a name to an attribute rule set, enter rule map submode by using the aaa

attribute-rule command in Global Configuration mode:

aaa attribute-rule rule_name

The following example creates an attribute rule set called “briefingCtr”:

(SafeGuardOS) #configure terminal

(SafeGuardOS) (config) #aaa attribute-rule briefingctr

(SafeGuardOS) (attr-rule)#

To remove an attribute rule set, use the no version of this command.

2 (Optional) Add a description of the attribute rule set.

Syntax

Description

rule_name The name of the attribute rule being

created.