User Guide
OmniAccess SafeGuard OS Administration Guide
Chapter 7: Establishing a Security Policy
In this example, we bind both a malware policy and a user policy to the Finance
role. We assign an explicit precedence number to the user policy, but allow
the system to assign an auto-precedence number to blaster-policy.
(SafeGuardOS) (config) #user-role finance
(SafeGuardOS) (user-role) #malware-policy blaster-policy
(SafeGuardOS) (user-role) #user-policy finance-policy precedence 101
(SafeGuardOS) (user-role) #
Removing a Role
A role can be deleted using the no version of the command:
no user-role role_name
In this example, we are removing the user role for Finance.
(SafeGuardOS) (config) # user-role finance
(SafeGuardOS) (user-role) # no user-role finance
(SafeGuardOS) (user-role) #
Refreshing Policies and Roles
When you map a policy to a role, or if you remove a role, the software automatically
triggers an update. However, if you modify a policy that has already been mapped, or if
you change a role definition, you must refresh the policy or role. You must perform a
refresh even if the policy configuration occurred while in pass-thru mode.
To individually refresh a policy or role, use the refresh command. All policies and roles
can be refreshed at the same time.
To allow the system to download the changed policy and roles for the affected users, use
the following refresh Privileged Exec command:
refresh policy [all | policy name | role name]
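The refresh rule above, as an added example (not code from the guide or from SafeGuard OS): a small Python planner that walks a constructed change log and returns the refresh commands still owed. The event names, plan_refresh() and guest-policy are assumptions; only the refresh policy [all | name] syntax and the finance names come from this page.

```python
# Added example; event names and plan_refresh() are hypothetical.
# Only the "refresh policy [all | name]" syntax comes from the guide.

# Constructed change log: (action, name, bound_policy)
SAMPLE_EVENTS = [
    ("bind", "finance", "blaster-policy"),       # mapping: auto-update
    ("bind", "finance", "finance-policy"),
    ("modify_policy", "finance-policy", None),   # already mapped: refresh owed
    ("modify_policy", "guest-policy", None),     # never mapped: nothing owed
    ("modify_role", "finance", None),            # role changed: refresh owed
]

def plan_refresh(events, use_all=False):
    """Return the refresh commands an operator still has to run."""
    bindings = {}   # role -> set of mapped policy names
    pending = []    # names owed a manual refresh, in first-seen order
    for action, name, policy in events:
        if action == "bind":
            # Mapping a policy to a role triggers an automatic update.
            bindings.setdefault(name, set()).add(policy)
        elif action == "remove_role":
            # Removal also auto-updates. Assumption: a deleted role no
            # longer needs its own refresh; its policies stay pending.
            bindings.pop(name, None)
            if name in pending:
                pending.remove(name)
        elif action == "modify_policy":
            mapped = any(name in pols for pols in bindings.values())
            if mapped and name not in pending:
                pending.append(name)
        elif action == "modify_role":
            if name not in pending:
                pending.append(name)
        else:
            raise ValueError(f"unknown action: {action}")
    if use_all and len(pending) > 1:
        return ["refresh policy all"]
    return [f"refresh policy {n}" for n in pending]

if __name__ == "__main__":
    for cmd in plan_refresh(SAMPLE_EVENTS):
        print(cmd)
```

The device mode at the time of the change is deliberately not an input: the guide requires the refresh even when the policy was configured in pass-thru mode.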
Network Zones Example
The following is an example of a user policy with a network zone. In the first portion of
the example we define the network zone; in the second portion, we bind the zone to a
user policy.
Syntax Description (no user-role)
    role_name    A name that identifies the role.
Syntax Description (refresh policy)
    all          Refreshes all policies and roles.
    name         Refreshes an individual policy or role.










