Adding a rule

You add a rule to a role by entering the rule command with the appropriate options. Updates to the authorization rules do not apply to users' active sessions. The changes take effect only after a user logs out of the current session and logs in to a new session.

The following example creates the rules that authorize the security administrator role to create and manage user accounts.

  1. In privileged EXEC mode, use the configure terminal command to enter global configuration mode.
    device# configure terminal
    
  2. Create a rule specifying read-write access to the global configuration mode.
    device(config)# rule 150 action accept operation read-write role SecAdminUser command config
    
  3. Create a second rule specifying read-write access to the username command. Enter the rule command with the specified parameters.
    device(config)# rule 155 action accept operation read-write role SecAdminUser command username
    
  4. Users with the "SecAdminUser" role can create or modify user accounts, as shown in the following session.
    device# configure terminal
    Entering configuration mode terminal
    Current configuration users:
    admin console (cli from 127.0.0.1) on since 2010-08-16 18:35:05 terminal mode
    
    device(config)# username testuser role user password (<string>): ********
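
To review which roles end up with account-management rights after rules like these are added, the following added example (not part of the original documentation or the vendor's tooling) parses rule lines in the syntax shown above and lists every role that has accepted read-write access to the username command, noting whether it also holds the config rule from step 2. The HelpDesk and NetOps roles and rules 160 and 170 are constructed sample data, and the function names are hypothetical.

```python
import re

# Keyword order follows the two rule commands in the procedure above;
# action/operation values are captured as written, not validated.
RULE_RE = re.compile(
    r"\brule\s+(?P<index>\d+)\s+action\s+(?P<action>\S+)\s+"
    r"operation\s+(?P<operation>\S+)\s+role\s+(?P<role>\S+)\s+"
    r"command\s+(?P<command>.+?)\s*$"
)

def parse_rules(text):
    """Return one dict per rule line, ignoring any CLI prompt prefix."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.search(line)
        if m:
            rule = m.groupdict()
            rule["index"] = int(rule["index"])
            rules.append(rule)
    return rules

def account_admin_roles(rules):
    """Map each role with accepted read-write access to 'username' to the
    rule indexes that grant it and whether it also has the 'config' rule."""
    granted = {}
    for r in rules:
        if r["action"] == "accept" and r["operation"] == "read-write":
            cmds = granted.setdefault(r["role"], {})
            cmds.setdefault(r["command"], []).append(r["index"])
    return {
        role: {"username_rules": cmds["username"], "has_config": "config" in cmds}
        for role, cmds in granted.items() if "username" in cmds
    }

# First two lines are the page's commands; the rest are constructed samples.
SAMPLE = """\
device(config)# rule 150 action accept operation read-write role SecAdminUser command config
device(config)# rule 155 action accept operation read-write role SecAdminUser command username
rule 160 action accept operation read-write role HelpDesk command username
rule 170 action accept operation read-write role NetOps command config
"""

if __name__ == "__main__":
    for role, info in account_admin_roles(parse_rules(SAMPLE)).items():
        note = "" if info["has_config"] else " (no 'config' rule)"
        print(f"{role}: username via rules {info['username_rules']}{note}")
```

A role flagged without the config rule has the username grant but not the global configuration access that step 2 adds alongside it, which usually points to an incomplete or leftover rule set.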