authorization policy¶
The following operations can be performed on "authorization policy":
add | rm | set | rename | show
add authorization policy¶
Creates an authorization policy. Authorization policies allow AAA users and AAA groups to access resources through SSL VPN/AAA-TM enabled virtual servers.
Synopsis¶
add authorization policy <name> <rule> <action>
Arguments¶
name
Name for the new authorization policy.
Must begin with a letter, number, or the underscore character (_), and must contain only letters, numbers, and the hyphen (-), period (.), pound (#), space ( ), at (@), equals (=), colon (:), and underscore characters. Cannot be changed after the authorization policy is added.
The following requirement applies only to the NetScaler CLI:
If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, "my authorization policy" or 'my authorization policy').
rule
Name of the NetScaler named rule, or a default syntax expression, that the policy uses to perform the authentication.
action
Action to perform if the policy matches: either allow or deny the request.
Example¶
Example: Consider the following authorization policy, "author-policy":
add authorization policy author-policy "URL == /*.gif" DENY
bind aaa user foo -policy author-policy
If the user "foo" now logs in through the SSL VPN and requests anything other than a "gif" resource, the rule evaluates to FALSE and the negation of DENY, i.e. ALLOW, is applied, so all of those resources are implicitly allowed. If "foo" tries to access "abc.gif", the access is denied.
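The evaluation described in this example, modelled in Python as an added illustration (it is not NetScaler code and not part of the original documentation). It lists which requests a single DENY policy leaves implicitly allowed. The wildcard matching via `fnmatchcase`, the ALLOW-to-DENY negation, and the sample request list are assumptions; the page itself states only the DENY case.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class AuthorizationPolicy:
    name: str
    url_pattern: str  # right-hand side of the rule "URL == <pattern>"
    action: str       # "ALLOW" or "DENY"


def negate(action):
    # Assumption: the negation of ALLOW is DENY, by symmetry with the page's DENY case.
    return "ALLOW" if action == "DENY" else "DENY"


def evaluate(policy, url):
    """Return (decision, how) for one request URL.

    Rule TRUE  -> the policy's action is applied ("explicit").
    Rule FALSE -> the negation of the action is applied ("implicit").
    Assumption: the wildcard is modelled with fnmatchcase; the appliance's
    own expression matching may differ in detail.
    """
    if fnmatchcase(url, policy.url_pattern):
        return policy.action, "explicit"
    return negate(policy.action), "implicit"


def implicit_allows(policy, urls):
    """URLs that are reachable only because the rule did not match."""
    return [u for u in urls if evaluate(policy, u) == ("ALLOW", "implicit")]


# The policy from the example above, plus constructed sample requests.
AUTHOR_POLICY = AuthorizationPolicy("author-policy", "/*.gif", "DENY")
SAMPLE_REQUESTS = ["/abc.gif", "/index.html", "/reports/q3.pdf", "/logo.gif"]

if __name__ == "__main__":
    for url in SAMPLE_REQUESTS:
        decision, how = evaluate(AUTHOR_POLICY, url)
        print(f"{url:20} {decision:5} ({how})")
    print("implicitly allowed:", implicit_allows(AUTHOR_POLICY, SAMPLE_REQUESTS))
```

Running it over an inventory of sensitive paths before binding a DENY policy shows what a deny-list rule leaves open.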
rm authorization policy¶
Removes an authorization policy.
Synopsis¶
rm authorization policy <name>
Arguments¶
name
Name of the authorization policy to be removed.
set authorization policy¶
Configures the specified parameters of an authorization policy.
Synopsis¶
set authorization policy <name> [-rule <expression>] [-action <string>]
Arguments¶
name
Name of the authorization policy to modify.
rule
Name of the NetScaler named rule, or a default syntax expression, that the policy uses to perform the authentication.
action
Action to perform if the policy matches: either allow or deny the request.
rename authorization policy¶
Renames an authorization policy.
Synopsis¶
rename authorization policy <name>@ <newName>@
Arguments¶
name
The name of the authorization policy.
newName
The new name of the authorization policy.
Example¶
rename authorization policy oldname newname
show authorization policy¶
Displays the current settings for the specified authorization policy. If no policy name is provided, displays a list of all authorization policies currently configured on the NetScaler appliance.
Synopsis¶
show authorization policy [<name>]
Arguments¶
name
Name of the authorization policy.
Outputs¶
rule
Rule of the policy.
action
Authorization action associated with the policy. It can be either ALLOW or DENY.
boundTo
The name of the entity to which the policy is bound.
activePolicy
priority
flag
bindPolicyType
policyType
vserverType
expressionType
Type of policy (Classic/Advanced)
devno
count
stateflag