Specifications

Table Of Contents

secpolicycreate

707Fabric OS Version 3.1.x/4.1.x Reference Guide

Create a new policy.

Synopsis

secpolicycreate name[, “member;member”]

Availability

Admin

Release

V3.1.x and V4.1.x

Description

Use this command to create a new policy. All policies can be created only once,

except for the DCC_POLICY_nnn. Each DCC_POLICY_nnn must each have a

unique name.

Adding members while creating a policy is optional. You may add members to a

policy later, using the secpolicyadd command.

Each policy corresponds to a management method. The list of members of a

policy acts as an access control list for that management method. When security is

first enabled using the secmodeenable command only the FCS_POLICY

exists. Before a policy is created, there is no enforcement for that management

method, that is, all access is granted. After a policy has been created and a

member has been added to the policy, that policy becomes closed to all access

except from included members. If all members are then deleted from the policy,

all access is denied for that management access method.

Note: The FCS_POLICY can only be created when enabling security mode using the

secmodeenable command.

When security is enabled, this command can only be issued from the Primary FCS

switch. See “Security Commands” on page 941.

If a TELNET_POLICY or SERIAL_POLICY is created that will end the current sectelnet or

serial session, a warning is issued.

secpolicycreate