R21xx-HP FlexFabric 11900 Fundamentals Configuration Guide
46
Configuring feature groups
Use feature groups to bulk assign command access permissions to sets of features. In addition to the
predefined feature groups, you can create up to 64 custom feature groups and assign a feature to
multiple feature groups.
To configure a feature group:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Create a feature group
and enter feature group
view.
role feature-group name
feature-group-name
By default, the system has the
following predefined feature
groups:
• L2—Includes all Layer 2
commands.
• L3—Includes all Layer 3
commands.
These two groups are not user
configurable.
3. Add a feature to the
feature group.
feature feature-name
By default, a feature group has no
features.
IMPORTANT:
You can specify only features
available in the system and must
enter feature names exactly the
same as they are displayed,
including the case.
Changing resource access policies
Every user role has one interface policy, VLAN policy, and VPN instance policy. By default, these policies
permit user roles to access any interface, VLAN, and VPN. You can change the policies of user-defined
user roles and the predefined level-n user roles to limit their access to interfaces, VLANs, and VPNs. A
changed policy takes effect only on users that are logged in with the user role after the change.
Changing the interface policy of a user role
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter user role view.
role name role-name N/A
3. Enter user role interface
policy view.
interface policy deny
By default, the interface policies of
user roles permit access to all
interfaces.
This command disables the access of
the user role to any interface.