Rules – Cisco Storage Security
The rule is the basic element of a role. A rule defines what operations the role allows the user to perform. Up to 16 rules can be configured for each role. The user-specified rule number determines the order in which the rules are applied. Rules are applied in ascending order. For example, rule 1 is applied before rule 2, which is applied before rule 3, and so on. A user not belonging to the network-admin role cannot perform commands related to roles.

Note: A deny-all statement is assumed as rule 0 so that no action is possible for a user role unless explicitly permitted.

Each rule consists of a rule number, a rule type (permit or deny), a command type (for example, config, clear, show, exec, debug), and an optional feature name (for example, FSPF, zone, VSAN, fcping, or interface).

Regardless of the read-write rule configured for a user role,…
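The rule ordering described above, modelled as an added example (not Cisco code and not from this page). It assumes that when several rules match a command, the highest-numbered matching rule decides; the function names and both sample roles are constructed for illustration.

```python
from typing import NamedTuple, Optional

MAX_RULES = 16  # per-role limit stated on the page


class Rule(NamedTuple):
    number: int
    action: str                     # "permit" or "deny"
    command_type: str               # e.g. config, clear, show, exec, debug
    feature: Optional[str] = None   # None = every feature of that command type


def _covers(rule, command_type, feature):
    """True if the rule applies to this command type and feature."""
    if rule.command_type != command_type:
        return False
    return rule.feature is None or (
        feature is not None and rule.feature.lower() == feature.lower())


def is_permitted(rules, command_type, feature):
    """Return (allowed, deciding_rule_number); 0 is the implicit deny-all."""
    if len(rules) > MAX_RULES:
        raise ValueError(f"a role holds at most {MAX_RULES} rules")
    allowed, decided_by = False, 0              # rule 0: deny everything
    for rule in sorted(rules, key=lambda r: r.number):   # ascending order
        if _covers(rule, command_type, feature):
            # ASSUMPTION: a later matching rule overrides an earlier one.
            allowed, decided_by = rule.action == "permit", rule.number
    return allowed, decided_by


def shadowed(rules):
    """Rule numbers that never decide anything because a later rule covers them."""
    ordered = sorted(rules, key=lambda r: r.number)
    return [r.number for i, r in enumerate(ordered)
            if any(_covers(later, r.command_type, r.feature)
                   for later in ordered[i + 1:])]


# Constructed sample roles (not taken from the page).
INTENDED = [Rule(1, "permit", "config"), Rule(2, "deny", "config", "FSPF"),
            Rule(3, "permit", "exec", "fcping")]
SWAPPED = [Rule(1, "deny", "config", "FSPF"), Rule(2, "permit", "config")]

if __name__ == "__main__":
    for name, role in (("intended", INTENDED), ("swapped", SWAPPED)):
        print(name, is_permitted(role, "config", "fspf"), shadowed(role))
```

Running `shadowed` over a role before deploying it flags a deny rule that a later, broader permit has made ineffective.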