Scenario: A NetScaler Engineer has created a local account for a user according to the below
configuration:
add system user NSUser userpassword -timeout 900
add system group “NetScaler users” -timeout 900
add system cmdPolicy netscaler-users ALLOW
“(^man.*)|(^show\\\\s+(?!system)(?!configstatus)(?!ns ns\\\\.conf)(?!ns
savedconfig)(?!ns runningConfig)(?!gslb runningConfig)(?!audit
messages)(?!techsupport).*)|(^stat.*)”
bind system group “NetScaler users” -userName NSUser
bind system group “NetScaler users” -policyName netscaler-users 100
The user is able to log on but is NOT able to execute certain commands. The engineer goes back
and looks at the logs, and the following is displayed:
Oct 6 13:34:15 <local0.info> 192.168.10.50 10/06/2014:13:34:15 GMT ns1 0-
PPE-0 : CLI CMD_EXECUTED 4303 0 : User NSUser – Remote_ip 192.168.10.10
– Command “show ns runningConfig” – Status “ERROR: Not authorized to
execute this command”
Why is the command NOT working for the user?

A.
cmdPolicy is NOT configured to allow the command

B.
cmdPolicy should be set to DENY, instead of ALLOW

C.
The user should be bound to the cmdPolicy netscaler-users

D.
The priority of the cmdPolicy bound to the group “NetScaler users” should be higher