Configure the Role
By default, there are four roles: Security-admin, Network-admin, Audit-admin and Network-operator. The authorities of these four roles cannot be changed.
The authorities of a custom role must be a subset of the Network-admin role's authorities. A custom role cannot be configured with module authorities that have been granted to the Security-admin and Audit-admin roles. For detailed authorities, refer to the following table:
| Role | Log | History | User management, user authentication | Other Modules |
|---|---|---|---|---|
| Public | NO | NO | Modify own password | Show running, exit and so on |
| Security-admin | Operation log query and related configuration commands | History configuration and operation | OK | Lai module, line, service, AAA |
| Audit-admin | Data log query and configuration commands | NO | NO | NO |
| Network-admin | All other commands except for the operation log and data log | History configuration and operation | NO | OK |
| Network-operator | All show commands in the network administrator authority | Show command | NO | All show commands in the network administrator authority |
By default, no role attribute is configured for a user. Once the role attribute takes effect, the user level no longer takes effect, and the role replaces the user level as the basic criterion of command authorization: users have execution authority for different commands according to their roles.
Configuration Conditions
None
Configure User Roles
Table 13‑2 Configure the user role
| Step | Command | Description |
|---|---|---|
| Enter the global configuration mode. | configure terminal | - |
| Create one user role and enter the user role mode | role role-name | Mandatory. By default, there are four roles: Security-admin, Network-admin, Audit-admin and Network-operator. The authorities of these four roles cannot be changed. |
| Create a rule for the user role | rule number { deny \| permit } feature { all \| feature-name } | By default, no rule is defined for a new user role, that is, the role has no authorities. A rule modification does not take effect for users who are currently online; it takes effect for users who log in afterwards and use the rules of the role. The smaller the rule ID, the higher the rule priority. |
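The following Python sketch is an added example, not vendor code: it reviews a custom role's rule lines offline and reports rules that can never decide because a smaller rule ID already covers the same feature. It assumes that "higher priority" means the lowest matching rule ID decides and that a role with no matching rule has no authority; the role name `noc-readonly` and the feature names `aaa-feat` and `ospf-feat` are constructed placeholders.

```python
import re

# Syntax from the table above: rule number { deny | permit } feature { all | feature-name }
RULE_RE = re.compile(r"^\s*rule\s+(\d+)\s+(deny|permit)\s+feature\s+(\S+)\s*$")

def parse_rules(config_text):
    """Return {rule_id: (action, feature)} for the rule lines of one role block."""
    rules = {}
    for line in config_text.splitlines():
        m = RULE_RE.match(line)
        if m:
            rules[int(m.group(1))] = (m.group(2), m.group(3))
    return rules

def decide(rules, feature):
    """Assumed semantics: lowest matching rule ID wins; no match means no authority."""
    for rule_id in sorted(rules):
        action, target = rules[rule_id]
        if target in ("all", feature):
            return action, rule_id
    return "deny", None

def shadowed(rules):
    """Rule IDs that never decide because a smaller ID already covers their feature."""
    dead, seen, all_seen = [], set(), False
    for rule_id in sorted(rules):
        target = rules[rule_id][1]
        if all_seen or target in seen:
            dead.append(rule_id)
        all_seen = all_seen or target == "all"
        seen.add(target)
    return dead

# Constructed sample: the deny was meant to carve one feature out of "permit all",
# but it carries the larger rule ID, so it is never reached.
SAMPLE = """role noc-readonly
 rule 5 permit feature all
 rule 10 deny feature aaa-feat
"""
# Same intent with the deny given the smaller (higher-priority) rule ID.
FIXED = """role noc-readonly
 rule 5 deny feature aaa-feat
 rule 10 permit feature all
"""

if __name__ == "__main__":
    for name, text in (("as written", SAMPLE), ("reordered", FIXED)):
        r = parse_rules(text)
        print(name, decide(r, "aaa-feat"), "shadowed:", shadowed(r))
```

Because rule modifications apply only to users who log in afterwards, sessions that were online before a correction keep the earlier rule set until they log in again.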