undo pki certificate access-control-policy policy-name

Default
No certificate-based access control policies exist.

Views
System view

Predefined user roles
network-admin

Parameters
policy-name: Specifies a policy name, a case-insensitive string of 1 to 31 characters.

Usage guidelines
A certificate-based access control policy contains a set of access control rules that permit or deny access to the device based on the attributes in the requesting client's certificate.

Examples
# Create a certificate-based access control policy named mypolicy and enter its view.
<Sysname> system-view
[Sysname] pki certificate access-control-policy mypolicy
[Sysname-pki-cert-acp-mypolicy]

Related commands
display pki certificate access-control-policy
rule

pki certificate attribute-group

Use pki certificate attribute-group to create a certificate attribute group and enter its view, or enter the view of an existing certificate attribute group.
Use undo pki certificate attribute-group to remove a certificate attribute group.

Syntax
pki certificate attribute-group group-name
undo pki certificate attribute-group group-name

Default
No certificate attribute groups exist.

Views
System view

Predefined user roles
network-admin

Parameters
group-name: Specifies a group name, a case-insensitive string of 1 to 31 characters.

Usage guidelines
A certificate attribute group is a set of attribute rules configured by using the attribute command. Each attribute rule defines a matching criterion for an attribute in the issuer name, subject name, or alternative subject name field of certificates.
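
The following configuration is an added example, not part of the original manual. It shows how attribute groups feed an access control policy: two groups are defined with the attribute command, then referenced by permit and deny rules in the policy. Assumptions: the attribute and rule command forms are taken from their own entries in this command reference (not reproduced in this section), and the group names, policy name and match strings are constructed samples.

```text
# Constructed sample names: groups "contractors" and "partners", policy "mypolicy".
<Sysname> system-view

# Group matched by certificates whose subject DN contains the sample string "contractors".
[Sysname] pki certificate attribute-group contractors
[Sysname-pki-cert-attribute-group-contractors] attribute 1 subject-name dn ctn contractors
[Sysname-pki-cert-attribute-group-contractors] quit

# Group matched only when BOTH attribute rules hold: the subject DN contains
# "example-corp" and the issuer DN contains "example-ca" (sample values).
[Sysname] pki certificate attribute-group partners
[Sysname-pki-cert-attribute-group-partners] attribute 1 subject-name dn ctn example-corp
[Sysname-pki-cert-attribute-group-partners] attribute 2 issuer-name dn ctn example-ca
[Sysname-pki-cert-attribute-group-partners] quit

# Policy: the deny rule gets the lower rule ID so that it is placed ahead of the permit rule.
[Sysname] pki certificate access-control-policy mypolicy
[Sysname-pki-cert-acp-mypolicy] rule 1 deny contractors
[Sysname-pki-cert-acp-mypolicy] rule 2 permit partners
[Sysname-pki-cert-acp-mypolicy] quit

# Review the resulting rule order and the groups each rule references.
[Sysname] display pki certificate access-control-policy mypolicy
```

Before relying on a policy like this, check the rule command's usage guidelines for how rules are ordered and how a certificate that matches no rule, or a rule that references an empty or nonexistent group, is treated.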