[x]

RBAC commands > display role

 

 Next

display role

Use display role to display user role information.

Syntax

display role [ name role-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

name role-name: Specifies a user role name, a case-sensitive string of 1 to 63 characters. If you do not specify a user role name, the command displays information about all user roles, including the predefined user roles.

Examples

# Display information about user role 123.

<Sysname> display role name 123
Role: 123
  Description: new role
  VLAN policy: deny
  Permitted VLANs: 1 to 5, 7 to 8
  Interface policy: deny
  Permitted interfaces: FortyGigE1/0/1 to FortyGigE1/0/3, Vlan-interface1 to Vlan-interface20
  VPN instance policy: deny
  Permitted VPN instances: vpn, vpn1, vpn2
  -------------------------------------------------------------------
  Rule    Perm   Type  Scope         Entity
  -------------------------------------------------------------------
  1       permit RWX   feature-group abc
  2       deny   -W-   feature       ldap
  3       permit       command       system ; radius sc *
  4       permit R--   xml-element   -
  5       permit RW-   oid           1.2.1
  R:Read W:Write X:Execute

Table 7: Command output

Field

Description

Role

User role name.

Predefined user role names:

  • network-admin.

  • network-operator.

  • mdc-admin.

  • mdc-operator.

  • level-n (where n represents an integer in the range of 0 to 15).

Description

User role description you have configured for easy identification.

VLAN policy

VLAN policy of the user role:

  • deny—Denies access to all VLANs except permitted VLANs.

  • permit (default)—Default VLAN policy, which enables the user role to access all VLANs.

Permitted VLANs

VLANs accessible to the user role.

Interface policy

Interface policy of the user role:

  • deny—Denies access to all interfaces except permitted interfaces.

  • permit (default)—Default interface policy, which enables the user role to access all interfaces.

Permitted interfaces

Interfaces accessible to the user role.

VPN instance policy

VPN instance policy of the user role:

  • deny—Denies access to all VPN instances except permitted VPN instances.

  • permit (default)—Default VPN instance policy, which enables the user role to access all VPN instances.

Permitted VPN instances

VPN instances accessible to the user role.

Rule

User role rule number.

A user role rule specifies access permissions for items, including commands, feature-specific commands, XML elements, and MIB nodes.

Predefined user role rules are identified by sys-n, where n represents an integer.

Perm

Access control criterion:

  • permit—User role has access to the specified items.

  • deny—User role does not have access to the specified items.

Type

Item category:

  • R—Read-only.

  • W—Write.

  • X—Execute.

Scope

Rule control scope:

  • command—Controls access to the command or commands, as specified in the Entity field.

  • feature—Controls access to the commands of the feature, as specified in the Entity field.

  • feature-group—Controls access to the commands of the features in the feature group, as specified in the Entity field.

  • xml-element—Controls access to XML elements.

  • oid—Controls access to MIB nodes.

Entity

Command string, feature name, feature group, XML element, or OID specified in the user role rule:

  • An en dash (–) represents any feature.

  • An asterisk (*) represents zero or more characters.

Related commands

role

prev

 

up

 next

description 

home

 display role feature

© Copyright 2016, 2017 Hewlett Packard Enterprise Development LP