Assigning user roles to local AAA authentication users
Configure user roles for local AAA authentication users in their local user accounts. Every local user has a default user role. If this default user role is not suitable, remove it.
If a local user is the only user with the security-audit user role, the user cannot be deleted.
The security-audit user role is mutually exclusive with other user roles.
When you assign the security-audit user role to a local user, the system requests confirmation to remove all the other user roles from the user.
When you assign the other user roles to a local user that has the security-audit user role, the system requests confirmation to remove the security-audit role from the user.
To assign a user role to a local user:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Create a local user and enter its view. | local-user user-name class { manage | network } | N/A |
3. Authorize the user to have a user role. | authorization-attribute user-role role-name | Repeat this step to assign a maximum of 64 user roles to the user. By default, the network-operator user role is assigned to local users created by a network-admin or level-15 user. |