User Guide

OmniAccess SafeGuard OS Administration Guide
Chapter 6: Configuring Authentication and Role Derivation
description string
The following example creates a rule map for the sales department and adds a
description string to it:
(SafeGuardOS) (config) # aaa rule-map sales
(SafeGuardOS) (rulemap) # description "rule map for the sales force"
(SafeGuardOS) (rulemap) #
Specifying Logical Operators (Optional)
Rule maps support the boolean AND and OR logical operators when performing the role
match.
When the AND operator is specified, a rule map is only evaluated when all of the
conditions are met.
When the OR operator is specified, a rule map is evaluated when any of the
conditions are met.
The expression is short-circuit evaluated for increased system performance. Use the
following syntax for the operation statement in rule map submode:
operation [AND | OR]
The following example explicitly sets any user from hardware engineering, software
engineering, or quality assurance to the role of “Engineering”. The match statement
requirements are described in Configuring the Rule Map Attributes.
(SafeGuardOS) (config) # aaa rule-map engr
(SafeGuardOS) (rulemap) # description "HW, SW and QA are engineering"
(SafeGuardOS) (rulemap) # operation or
(SafeGuardOS) (rulemap) # match ad.department equals HARDWARE
(SafeGuardOS) (rulemap) # match ad.department equals SOFTWARE
(SafeGuardOS) (rulemap) # match ad.department equals QA
(SafeGuardOS) (rulemap) # set system.roleName "ENGINEERING"
(SafeGuardOS) (rulemap) # end
Syntax Description
  string          Description of the rule map being created. Enter the
                  string in double quotation marks.

Syntax Description
  AND             Specifies that all of the conditions in the following
                  match statements must match to set the role.
  OR (Default)    Specifies that only one of the conditions in the
                  following match statements must match to set the role.
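
The AND/OR behavior and short-circuit evaluation described in this section can be modelled in a few lines of Python; this is an added illustration, not SafeGuard OS code. It reuses the match statements of the engr rule map to show that the same list under AND can never set the role, because one ad.department value cannot equal three different strings. Assumptions: the evaluate and audit functions and the sample users are hypothetical, comparison is an exact string match, each attribute holds a single value, and a rule map with no match statements sets no role.

```python
# Added illustration: a toy model of rule-map matching, not SafeGuard OS code.
# Assumptions: only "equals" is modelled, comparison is an exact string match,
# each user attribute holds one value, and an empty match list sets no role.

def evaluate(rule_map, user):
    """Return (role or None, number of match statements actually tested)."""
    want_all = rule_map["operation"].upper() == "AND"
    tested = 0
    for attr, value in rule_map["matches"]:
        tested += 1
        hit = user.get(attr) == value
        if want_all and not hit:
            return None, tested              # AND: first miss decides, stop
        if not want_all and hit:
            return rule_map["role"], tested  # OR: first hit decides, stop
    # Loop ran to the end: AND saw only hits, OR saw only misses.
    matched = want_all and tested > 0
    return (rule_map["role"] if matched else None), tested

# Match statements copied from the engr rule map shown in this section.
ENGR_MATCHES = [
    ("ad.department", "HARDWARE"),
    ("ad.department", "SOFTWARE"),
    ("ad.department", "QA"),
]
ENGR_OR = {"operation": "or", "matches": ENGR_MATCHES, "role": "ENGINEERING"}
ENGR_AND = {"operation": "and", "matches": ENGR_MATCHES, "role": "ENGINEERING"}

# Constructed sample users (hypothetical directory attributes).
USERS = {
    "hw_user": {"ad.department": "HARDWARE"},
    "qa_user": {"ad.department": "QA"},
    "sales_user": {"ad.department": "SALES"},
}

def audit(rule_map):
    """Evaluate every sample user against one rule map."""
    return {name: evaluate(rule_map, attrs) for name, attrs in USERS.items()}

if __name__ == "__main__":
    for label, rm in (("OR", ENGR_OR), ("AND", ENGR_AND)):
        for name, (role, tested) in audit(rm).items():
            print(f"{label:3} {name:10} role={role} tested={tested}")
```

Running the same audit against a planned rule map before committing it shows whether the chosen operator grants the role more broadly, or more narrowly, than intended.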