| Command | Purpose |
|---|---|
| show cli syntax roles network-operator | Displays the syntax of the commands that the network-operator role can use. |
| show role | Displays the user role configuration. |
| show role feature | Displays the feature list. |
| show role feature-group | Displays the feature group configuration. |
| show startup-config security | Displays the user account configuration in the startup configuration. |
| show running-config security [all] | Displays the user account configuration in the running configuration. The all keyword displays the default values for the user accounts. |
| show user-account | Displays user account information. |
Configuration Examples for User Accounts and RBAC
The following example shows how to configure a user role:
role name User-role-A
  rule 2 permit read-write feature bgp
  rule 1 deny command clear *
The following example shows how to create a user role that can configure an interface to enable and show
BGP and show EIGRP:
role name iftest
  rule 1 permit command config t; interface *; bgp *
  rule 2 permit read-write feature bgp
  rule 3 permit read feature eigrp
In the above example, rule 1 allows you to configure BGP on an interface, rule 2 allows you to configure the
config bgp command and enable the exec-level show and debug commands for BGP, and rule 3 allows you
to enable the exec-level show and debug eigrp commands.
The following example shows how to configure a user role that can configure only a specific interface:
role name Int_Eth2-3_only
  rule 1 permit command configure terminal; interface *
  interface policy deny
    permit interface Ethernet2/3
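As an added example (not from the Cisco guide), the following Python check parses role blocks like the two above and flags any role whose permit command rule allows interface * without an interface policy deny block scoping it, which is the difference between the iftest and Int_Eth2-3_only roles. The function names and the layout of the sample text are assumptions; the sample is constructed from the examples on this page.

```python
import re

# Constructed sample: the iftest and Int_Eth2-3_only roles from the examples
# above, laid out as indented role blocks (layout is an assumption).
SAMPLE = """\
role name iftest
  rule 1 permit command config t; interface *; bgp *
  rule 2 permit read-write feature bgp
  rule 3 permit read feature eigrp
role name Int_Eth2-3_only
  rule 1 permit command configure terminal; interface *
  interface policy deny
    permit interface Ethernet2/3
"""

RULE = re.compile(r"rule (\d+) (permit|deny) (.+)")


def parse_roles(text):
    """Return {role: {"rules": [(num, action, match)], "if_deny": bool, "interfaces": [...]}}."""
    roles, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("role name "):
            cur = roles.setdefault(
                line.split()[2], {"rules": [], "if_deny": False, "interfaces": []}
            )
        elif cur is None or not line:
            continue  # ignore anything outside a role block
        elif (m := RULE.fullmatch(line)):
            cur["rules"].append((int(m[1]), m[2], m[3]))
        elif line == "interface policy deny":
            cur["if_deny"] = True
        elif line.startswith("permit interface "):
            cur["interfaces"].append(line.split(None, 2)[2])
    return roles


def audit(roles):
    """List (role, rule numbers) where 'interface *' is permitted with no interface policy deny."""
    findings = []
    for name, role in roles.items():
        wild = [num for num, action, match in role["rules"]
                if action == "permit" and match.startswith("command") and "interface *" in match]
        if wild and not role["if_deny"]:
            findings.append((name, wild))
    return findings


if __name__ == "__main__":
    for name, rules in audit(parse_roles(SAMPLE)):
        print(f"{name}: rule(s) {rules} permit 'interface *' with no interface policy deny")
```
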
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
Configuring User Accounts and RBAC