Step | Command | Remarks
3. (Optional.) Configure a description for the user role. | description text | By default, a user role does not have a description.
Configuring user role rules
You can configure user role rules to permit or deny the access of a user role to specific commands and
XML elements.
Configuration restrictions and guidelines
When you configure RBAC user role rules, follow these restrictions and guidelines:
• You can configure a maximum of 256 user-defined rules for a user role, but the total number of
user-defined user role rules in the system cannot exceed 1024.
• If two user-defined rules of the same type conflict, the rule with the higher ID takes effect. For
example, a user role can use the tracert command but not the ping command if the user role
contains rules configured by using the following commands:
  ◦ rule 1 permit command ping
  ◦ rule 2 permit command tracert
  ◦ rule 3 deny command ping
• For level-0 to level-14 user roles, if a predefined user role rule and a user-defined user role rule
conflict, the user-defined user role rule takes effect.
• Any rule modification, addition, or removal for a user role takes effect only for users who log in
with the user role after the change.
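The following Python is an added example, not part of this guide or of the device software. It audits a list of command rules against the guidelines above: it resolves conflicts by letting the higher rule ID win, reports the overridden rules, and checks the 256-per-role and 1024-system-wide limits. The function names are hypothetical, and it assumes that two command rules conflict when their command strings are identical.

```python
import re

MAX_RULES_PER_ROLE = 256   # per-role limit stated in the guidelines
MAX_RULES_TOTAL = 1024     # system-wide limit stated in the guidelines
RULE_RE = re.compile(r"^rule\s+(\d+)\s+(permit|deny)\s+command\s+(.+)$")

def parse_rules(lines):
    """Parse 'rule <id> permit|deny command <string>' into (id, action, command)."""
    rules = []
    for line in lines:
        m = RULE_RE.match(line.strip())
        if m:
            rules.append((int(m.group(1)), m.group(2), m.group(3).strip()))
    return rules

def effective_commands(rules):
    """Return ({command: action}, overridden rules); the higher rule ID wins.
    Assumption: rules conflict when their command strings are identical."""
    winner, shadowed = {}, []
    for rule in sorted(rules):                 # ascending rule ID
        prev = winner.get(rule[2])
        if prev and prev[1] != rule[1]:
            shadowed.append(prev)              # lower-ID rule loses the conflict
        winner[rule[2]] = rule
    return {cmd: r[1] for cmd, r in winner.items()}, shadowed

def check_limits(roles):
    """roles maps role name -> list of rules. Return the limit violations found."""
    problems = [f"{name}: {len(r)} rules exceeds {MAX_RULES_PER_ROLE}"
                for name, r in roles.items() if len(r) > MAX_RULES_PER_ROLE]
    total = sum(len(r) for r in roles.values())
    if total > MAX_RULES_TOTAL:
        problems.append(f"system: {total} rules exceeds {MAX_RULES_TOTAL}")
    return problems

# Constructed sample: the three rules from the example in the guidelines.
SAMPLE = ["rule 1 permit command ping",
          "rule 2 permit command tracert",
          "rule 3 deny command ping"]

if __name__ == "__main__":
    rules = parse_rules(SAMPLE)
    effective, shadowed = effective_commands(rules)
    print("effective:", effective)
    print("overridden:", shadowed)
    print("limit problems:", check_limits({"role1": rules}))
```

An overridden rule in the output is a candidate for removal, since it no longer affects what the role can run.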
Configuration procedure
To configure rules for a user role:
Step | Command | Remarks
1. Enter system view. | system-view | N/A
2. Enter user role view. | role name role-name | N/A