Rules for operational commands
Rules can be created for the specified operational commands. By default, every role can display all the operational commands but cannot execute them. The
show commands can be accessed by all the roles.
The following rules govern operational commands:
- If a role has a rule with a
read-write operation and the
accept action for an operational command, the user associated with this role can execute the command.
- If a role has a rule with a
read-only
operation and the
accept action for an operational command, the user associated with this role can access but cannot execute the command.
- If a role has a rule with a
read-only
or
read-write operation and the
reject action for an operational command, the user associated with this role can neither access nor execute the command.
