IPI-ROLE-BASED-ACCESS-CONTROL
Configure policy name
Use this attribute to create a TACACS+ Role-Based Authorization (RBAC) policy and enter RBAC policy mode.
Attribute Name: policy-name
Attribute Type: string
Attribute Range: 2-16
Netconf edit-config payload
<role-based-access-control xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-role-based-access-control">
<policies>
<policy> <!-- operation="delete"-->
<policy-name>POLICY-NAME</policy-name>
<config>
<policy-name>POLICY-NAME</policy-name>
</config>
</policy>
</policies>
</role-based-access-control>
Command Syntax
policy POLICY-NAME
Configure command mode
Use this attribute to specify the command mode in which the CLI command is permitted or denied. The value is a command prompt string such as 'config-router' or 'config-if'; the rule permits or denies access to the command only in this mode.
Attribute Name: command-mode
Attribute Type: string
Attribute Name: rule-type
Attribute Type: enum (deny|permit)
Netconf edit-config payload
<role-based-access-control xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-role-based-access-control">
<policies>
<policy>
<policy-name>POLICY-NAME</policy-name>
<config>
<policy-name>POLICY-NAME</policy-name>
</config>
<rules>
<rule>
<rule-name>RULE-STRING</rule-name>
<config>
<rule-name>RULE-STRING</rule-name>
<rule-type>deny</rule-type> <!-- operation="delete"-->
</config>
<command-mode>MODE-NAME</command-mode> <!-- operation="delete"-->
</rule>
</rules>
</policy>
</policies>
</role-based-access-control>
Command Syntax
(deny|permit) RULE-STRING mode MODE-NAME
Configure rule name
This attribute specifies the rule string, configured as a regular expression, that is used for CLI authorization.
Attribute Name: rule-name
Attribute Type: string
Attribute Range: 3-255
Attribute Name: rule-type
Attribute Type: enum (deny|permit)
Netconf edit-config payload
<role-based-access-control xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-role-based-access-control">
<policies>
<policy>
<policy-name>POLICY-NAME</policy-name>
<config>
<policy-name>POLICY-NAME</policy-name>
</config>
<rules>
<rule>
<rule-name>RULE-STRING</rule-name>
<config>
<rule-name>RULE-STRING</rule-name>
<rule-type>deny</rule-type>
</config>
</rule>
</rules>
</policy>
</policies>
</role-based-access-control>
Command Syntax
(deny|permit) RULE-STRING
Configure rule type
Use this attribute to specify the command mode in which the CLI command is permitted or denied. The value is a command prompt string such as 'config-router' or 'config-if'; the rule permits or denies access to the command only in this mode.
Attribute Name: command-mode
Attribute Type: string
Attribute Name: rule-type
Attribute Type: enum (deny|permit)
Netconf edit-config payload
<role-based-access-control xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-role-based-access-control">
<policies>
<policy>
<policy-name>POLICY-NAME</policy-name>
<config>
<policy-name>POLICY-NAME</policy-name>
</config>
<rules>
<rule>
<rule-name>RULE-STRING</rule-name>
<config>
<rule-name>RULE-STRING</rule-name>
<rule-type>deny</rule-type>
</config>
<command-mode>MODE-NAME</command-mode>
</rule>
</rules>
</policy>
</policies>
</role-based-access-control>
Command Syntax
(deny|permit) RULE-STRING mode MODE-NAME
Configure role name
Use this attribute to create a TACACS+ Role-Based Authorization (RBAC) role and to switch to RBAC role mode. The end user cannot specify one of these roles already defined in OcNOS: network-admin, network-user, network-operator, network-engineer. For more about these built-in roles, see the 'username' CLI configuration.
Attribute Name: role-name
Attribute Type: string
Attribute Range: 2-16
Netconf edit-config payload
<role-based-access-control xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-role-based-access-control">
<roles>
<role> <!-- operation="delete"-->
<role-name>ROLE-NAME</role-name>
<config>
<role-name>ROLE-NAME</role-name>
</config>
</role>
</roles>
</role-based-access-control>
Command Syntax
role ROLE-NAME
Configure default policy
Use this attribute to set the default rule for a TACACS+ Role-Based Access Control (RBAC) role.
Attribute Name: default-policy
Attribute Type: enum (deny-all|permit-all)
Default Value: deny-all
Netconf edit-config payload
<role-based-access-control xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-role-based-access-control">
<roles>
<role>
<role-name>ROLE-NAME</role-name>
<config>
<role-name>ROLE-NAME</role-name>
</config>
<default-policy>deny-all</default-policy> <!-- operation="delete"-->
</role>
</roles>
</role-based-access-control>
Command Syntax
default (deny-all|permit-all)
Configure enable
Enable or disable the TACACS+ Role-Based Access Control (RBAC) feature.
Attribute Name: enable
Attribute Type: empty
Netconf edit-config payload
<role-based-access-control xmlns="http://www.ipinfusion.com/yang/ocnos/ipi-role-based-access-control">
<config>
<enable/> <!-- operation="delete"-->
</config>
</role-based-access-control>
Command Syntax
feature dynamic-rbac
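The following Python sketch is an added example, not part of the OcNOS documentation or IP Infusion code. It assembles the policy, rule, role, default-policy and enable payloads shown above into one edit-config body and rejects values that violate the documented constraints before anything is sent to a device. Assumptions: "Attribute Range" on a string attribute is read as its length, the function and helper names are hypothetical, and the policy is not attached to the role because this page shows no attribute for that.

```python
import re
import xml.etree.ElementTree as ET

NS = "http://www.ipinfusion.com/yang/ocnos/ipi-role-based-access-control"
BUILT_IN_ROLES = {"network-admin", "network-user", "network-operator", "network-engineer"}

def _check_len(label, value, lo, hi):
    # Assumption: "Attribute Range" on a string attribute is its length in characters.
    if not lo <= len(value) <= hi:
        raise ValueError(f"{label} {value!r} must be {lo}-{hi} characters long")

def _add(parent, tag, text=None):
    child = ET.SubElement(parent, tag)
    child.text = text
    return child

def build_rbac_config(policy_name, rules, role_name, default_policy="deny-all"):
    """Return an edit-config body; rules is a list of (rule_type, rule_string, mode or None)."""
    _check_len("policy-name", policy_name, 2, 16)
    _check_len("role-name", role_name, 2, 16)
    if role_name in BUILT_IN_ROLES:
        raise ValueError(f"{role_name!r} is a built-in OcNOS role and cannot be redefined")
    if default_policy not in ("deny-all", "permit-all"):
        raise ValueError("default-policy must be deny-all or permit-all")
    root = ET.Element("role-based-access-control", xmlns=NS)
    _add(_add(root, "config"), "enable")  # empty leaf, CLI: feature dynamic-rbac
    policy = _add(_add(root, "policies"), "policy")
    _add(policy, "policy-name", policy_name)
    _add(_add(policy, "config"), "policy-name", policy_name)
    rules_el = _add(policy, "rules")
    for rule_type, rule_string, mode in rules:
        if rule_type not in ("deny", "permit"):
            raise ValueError(f"rule-type {rule_type!r} must be deny or permit")
        _check_len("rule-name", rule_string, 3, 255)
        re.compile(rule_string)  # sanity check in Python's regex dialect, not the device's
        rule = _add(rules_el, "rule")
        _add(rule, "rule-name", rule_string)
        cfg = _add(rule, "config")
        _add(cfg, "rule-name", rule_string)
        _add(cfg, "rule-type", rule_type)
        if mode:  # restrict the rule to one command mode, e.g. config-if
            _add(rule, "command-mode", mode)
    role = _add(_add(root, "roles"), "role")
    _add(role, "role-name", role_name)
    _add(_add(role, "config"), "role-name", role_name)
    _add(role, "default-policy", default_policy)
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":  # constructed sample values, not from the page
    print(build_rbac_config("OPS-POLICY", [("deny", "reload.*", None)], "noc-tier1"))
```

Leaving default_policy at its documented default of deny-all keeps the role fail-closed, so only commands matched by an explicit permit rule are authorized.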