56
User role name Permissions
{ RBAC non-debugging commands.
{ Local users.
{ File management.
{ Device management.
{ The display history-command all command.
• level-15—Has the same rights as network-admin.
security-audit
Security log manager. The user role has the following access to security
log files:
• Accesses to the commands for displaying and maintaining security
log files (for example, the dir, display security-logfile summary,
and more commands).
• Accesses to the commands for managing security log files and
security log file system (for example, the info-center
security-logfile directory, mkdir, and security-logfile save
commands).
For more information about security log management, see Network
Management and Monitoring Configuration Guide. For more information
about file system management, see "Managing the file system."
IMPORT
ANT:
Only the security-audit user role has access to security log files.
Assigning user roles
You assign access rights to users by assigning a minimum of one user role. The users can use the
collection of system items and resources accessible to any user role assigned to them. For example,
you can access any interface to use the qos apply policy command if you are assigned the
following user roles:
• User role A denies access to the qos apply policy command and permits access only to
interface GigabitEthernet 1/0/1.
• User role B permits access to the qos apply policy command and all interfaces.
Depending on the authentication method, user role assignment has the following methods:
• AAA authorization—If scheme authentication is used, the AAA module handles user role
assignment.
{ If the user passes local authorization, the device assigns the user roles specified in the local
user account.
{ If the user passes remote authorization, the remote AAA server assigns the user roles
specified on the server. The AAA server can be a RADIUS or HWTACACS server.
• Non-AAA authorization—When the user accesses the device without authentication or by
passing password authentication, the device assigns user roles specified on the user line. This
method also applies to SSH clients that use publickey or password-publickey authentication.
User roles assigned to these SSH clients are specified in their respective local device
management user accounts.
For more information about AAA and SSH, see Security Configuration Guide. For more information
about user line, see "Login overview" and "Logging in to the CLI."
To Next Page
Loading...
Need help?
General