Roles

You can configure a maximum of 64 roles in a system and for each role, you can assign one or more rules. Roles are categorized as follows:

  • 3 default roles: operator, manager, and default-security-group

  • 16 predefined roles: Level-0 to Level-15

  • 45 user roles

NOTE:

When a user is not mapped to any role, the user gets mapped to the predefined Network-Operator role (Level-1).

Predefined roles

RBAC offers 16 predefined roles in the system (Level-0 to Level-15) as follows:
  • The Network-Diagnostic role (Level-0). This role can perform the following commands:
    • ping
    • tracert
    • ssh
    • telnet
    The superuser can configure the access rights for this role.
  • The Network-Operator role (Level-1). This role has the same access rights as the Operator role and can perform the following commands:
    • ping
    • traceroute
    • traceroute6
    • ssh
    • telnet
    • All show commands, except for show history

    • All display commands, except for display history

    The superuser can configure the access rights for this role.
  • User modifiable roles (Level-2 to Level-8 and Level-10 to Level-14). By default, these roles have no access to any commands. The superuser can configure the access rights for these roles.

  • The Designated-Administrator role (Level-9). This role can perform all commands except for user management commands (such as: deny rwx aaa, deny rwx tacas, deny radius, deny configure password, deny configure authentication, deny show authorization). You cannot configure the access rights for this role.

  • The Administrator role (Level-15). This role has the same access rights as the Manager role and it can perform all commands, features, and policies in the system. You cannot configure the access rights for this role.