rule (PKI CERT ACP view)

Syntax

rule [ id ] { deny | permit } group-name

undo rule { id | all }

View

PKI certificate access control policy view

Default level

2: System level

Parameters

id: Number of the certificate attribute access control rule, in the range of 1 to 16. The default is the smallest unused number in this range.

deny: Indicates that a certificate whose attributes match an attribute rule in the specified attribute group is considered invalid and denied.

permit: Indicates that a certificate whose attributes match an attribute rule in the specified attribute group is considered valid and permitted.

group-name: Name of the certificate attribute group to be associated with the rule, a case-insensitive string of 1 to 16 characters. It cannot be a, al, or all.

all: Specifies all access control rules.

Description

Use rule to create a certificate attribute access control rule.

Use undo rule to delete access control rules.

By default, no access control rule exists.

A certificate attribute group must exist to be associated with a rule.

Examples

# Create an access control rule, specifying that a certificate is considered valid when it matches an attribute rule in certificate attribute group mygroup.

<Sysname> system-view
[Sysname] pki certificate access-control-policy mypolicy
[Sysname-pki-cert-acp-mypolicy] rule 1 permit mygroup
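The semantics of this command as an added Python model (not H3C device code): it applies the id range and default id, the reserved group names, the requirement that the attribute group exist, and the deny/permit meaning described above. The matcher shape used for an attribute group, ascending-id first-match evaluation, overwriting a re-issued id, and returning None when no rule matches are assumptions.

```python
# Model of the 'rule' command in PKI certificate ACP view (added example, not device code).
from typing import Callable, Dict, Optional, Tuple

Matcher = Callable[[Dict[str, str]], bool]  # assumed shape of a certificate attribute group
RESERVED_NAMES = {"a", "al", "all"}          # 'all' is also the undo keyword


def is_valid_group_name(name: str) -> bool:
    """Case-insensitive string of 1 to 16 characters that is not a, al or all."""
    g = name.lower()
    return 1 <= len(g) <= 16 and g not in RESERVED_NAMES


class PkiCertAcp:
    """One certificate access control policy holding up to 16 numbered rules."""

    def __init__(self, name: str, groups: Dict[str, Matcher]) -> None:
        self.name = name
        self.groups = {k.lower(): v for k, v in groups.items()}  # attribute groups on the device
        self.rules: Dict[int, Tuple[str, str]] = {}              # id -> (action, group-name)

    def rule(self, action: str, group_name: str, rule_id: Optional[int] = None) -> int:
        """rule [ id ] { deny | permit } group-name; returns the id actually used."""
        if action not in ("deny", "permit"):
            raise ValueError("action must be deny or permit")
        g = group_name.lower()
        if not is_valid_group_name(g) or g not in self.groups:  # group must already exist
            raise ValueError(f"unknown or invalid group name: {group_name!r}")
        if rule_id is None:  # default: smallest unused id in 1..16
            rule_id = next((i for i in range(1, 17) if i not in self.rules), None)
            if rule_id is None:
                raise ValueError("all 16 rule ids are in use")
        if not 1 <= rule_id <= 16:
            raise ValueError("rule id must be in the range 1 to 16")
        self.rules[rule_id] = (action, g)  # assumed: re-issuing an id overwrites that rule
        return rule_id

    def undo_rule(self, target: str) -> None:
        """undo rule { id | all }"""
        if target == "all":
            self.rules.clear()
        else:
            self.rules.pop(int(target), None)

    def evaluate(self, cert: Dict[str, str]) -> Optional[bool]:
        """True = certificate valid (permit), False = invalid (deny), None = no rule matched."""
        for rule_id in sorted(self.rules):  # assumed: ascending id order, first match decides
            action, g = self.rules[rule_id]
            if self.groups[g](cert):
                return action == "permit"
        return None
```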