role

Use role to create a user role and enter user role view. If the user role already exists, the command enters its user role view directly.

Use undo role to delete a user role.

Syntax

role name role-name

undo role name role-name

Default

The system has the following predefined user roles: network-admin, network-operator, mdc-admin, mdc-operator, and level-n (where n represents an integer in the range of 0 to 15).

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

name role-name: Specifies a user role name. The role-name argument is a case-sensitive string of 1 to 63 characters.

Usage guidelines

You can create a maximum of 64 user roles in addition to the predefined user roles.

To change the permissions assigned to a user role, you must first enter the user role view.

You cannot delete the predefined user roles or change the permissions assigned to network-admin, network-operator, mdc-admin, mdc-operator, or level-15.

The access permissions of the level-0 to level-14 user roles can be modified through user role rules and resource access policies. However, you cannot change the predefined access permissions of these user roles. For example, you cannot change the access permission of these user roles to the display history-command all command.

Examples

# Create a user role named role1 and enter user role view.

<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1]
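
Added example, not from the original page or the vendor: a Python pre-flight check that applies the constraints above (63-character name limit, 64 custom roles, no deletion of predefined roles, case-sensitive names) to a planned list of system-view commands. The function name, the `existing` parameter, and the sample plan are assumptions constructed for illustration.

```python
import re

# Predefined roles listed on this page: four named roles plus level-0 to level-15.
PREDEFINED = {"network-admin", "network-operator", "mdc-admin", "mdc-operator"}
PREDEFINED |= {f"level-{n}" for n in range(16)}
MAX_CUSTOM = 64  # custom-role limit from the usage guidelines
CMD = re.compile(r"^(undo\s+)?role\s+name\s+(\S+)$")

def lint_role_commands(lines, existing=()):
    """Check planned system-view commands; return (findings, custom_roles).

    existing: custom roles already on the device (assumed known to the caller).
    """
    custom, findings = set(existing), []
    for lineno, raw in enumerate(lines, 1):
        m = CMD.match(raw.strip())
        if not m:
            continue  # not a role / undo role command
        undo, name = bool(m.group(1)), m.group(2)
        if len(name) > 63:
            findings.append((lineno, "role name longer than 63 characters"))
        elif undo and name in PREDEFINED:
            findings.append((lineno, f"cannot delete predefined role {name}"))
        elif undo:
            custom.discard(name)
        elif name in PREDEFINED or name in custom:
            continue  # role already exists: the command only enters its view
        else:
            if name.lower() in PREDEFINED:
                # Names are case-sensitive, so this is a separate custom role.
                findings.append((lineno, f"{name} differs from a predefined role only by case"))
            if len(custom) >= MAX_CUSTOM:
                findings.append((lineno, "limit of 64 custom roles reached"))
            else:
                custom.add(name)
    return findings, custom

# Constructed sample plan (not from the original page).
PLAN = [
    "role name role1",
    "role name Network-Admin",
    "undo role name level-3",
    "role name " + "a" * 64,
    "role name level-16",
]

if __name__ == "__main__":
    for lineno, msg in lint_role_commands(PLAN)[0]:
        print(f"line {lineno}: {msg}")
```

Here level-16 is treated as an ordinary custom role because the predefined level-n roles stop at 15, and Network-Admin is flagged because it is a different role from network-admin.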

Related commands

display role

interface policy deny

rule

vlan policy deny

vpn-instance policy deny