configure identity-management role add dynamic-rule

configure identity-management role role_name [add dynamic-rule rule_name { first | last | { [before | after] ref_rule_name}}]

Description

Adds a dynamic ACL rule for the specified role and specifies the order.

Syntax Description

role_name

Specifies the name of an existing role.

rule_name

Specifies the name of a dynamic ACL rule to add to the specified role.

Default

The order of the dynamic rule is last if the order is not explicitly specified.

Usage Guidelines

The maximum number of policies or ACL rules that can be applied to a particular role is restricted to 8. This count does not include the policies and rules inherited from a parent role. Since the maximum hierarchy depth is 5, the maximum number of policies and rules supported for a role at the maximum hierarchy depth is 40 (8 x 5).

When a dynamic ACL rule is added to a role, it is immediately installed for all identities mapped to that role and roles below it in the role hierarchy.

Example

The following example configures the role named India-Engr to use the ACL rule named india-Engr-rule:

* Switch.55 # configure identity-management role "India-Engr" add dynamic-rule india-Engr-rule

History

This command was first available in ExtremeXOS 12.5.

This command was modified in ExtremeXOS 15.2.1 to specify order.

Platform Availability

This command is available on ExtremeSwitching X435, X440-G2, X450-G2, X460-G2, X465, X590, X620, and X695 series switches.