Assigning user roles to local AAA authentication users
Configure user roles for local AAA authentication users in their local user accounts. Every local user has a default user role. If this default user role is not suitable, delete the default user role.
If a local user is the only user with the security-audit user role, the user cannot be deleted.
The security-audit user role is mutually exclusive with other user roles.
When you assign the security-audit user role to a local user, the system requests confirmation to delete all the other user roles of the local user first.
When you assign the other user roles to a local user who has been assigned the security-audit user role, the system requests confirmation to delete the security-audit user role for the local user first.
To assign a user role to a local user:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Create a local user and enter local user view. | local-user user-name class { manage \| network } | N/A |
3. Authorize the user to have a user role. | authorization-attribute user-role role-name | Repeat this step to assign the user to up to 64 user roles. By default, network-operator is assigned to local users created by a network-admin or level-15 user. |
4. (Optional.) Remove undesirable user roles. | undo authorization-attribute user-role role-name | A user can use the collection of system items and resources accessible to any user role assigned to the user. If a user role is undesirable (for example, the default user role), you must use this command to delete the user role. |
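
The following configuration-review check is an added example, not part of the vendor documentation. It parses `local-user` blocks and flags users who keep the default network-operator role alongside other roles, users who combine security-audit with other roles, users with more than 64 roles, and a sole security-audit user. The sample configuration is constructed; its block layout, the role name `role-vlan-ops`, and the finding labels are assumptions.

```python
import re

# Constructed sample; the block layout (indented attribute lines, "#" separators)
# is an assumption about how the saved configuration is displayed.
SAMPLE_CONFIG = """\
local-user ops1 class manage
 service-type ssh
 authorization-attribute user-role role-vlan-ops
 authorization-attribute user-role network-operator
#
local-user auditor1 class manage
 authorization-attribute user-role security-audit
#
local-user guest1 class network
 authorization-attribute user-role network-operator
#
"""

USER_RE = re.compile(r"^local-user\s+(\S+)\s+class\s+(manage|network)\s*$")
ROLE_RE = re.compile(r"^\s+authorization-attribute\s+user-role\s+(\S+)\s*$")
DEFAULT_ROLE, AUDIT_ROLE, MAX_ROLES = "network-operator", "security-audit", 64

def parse_local_users(config):
    """Map (user name, class) to the ordered list of roles in that user's block."""
    users, current = {}, None
    for line in config.splitlines():
        if m := USER_RE.match(line):
            current = users.setdefault((m.group(1), m.group(2)), [])
        elif (m := ROLE_RE.match(line)) and current is not None:
            if m.group(1) not in current:
                current.append(m.group(1))
        elif not line.startswith(" "):
            current = None  # any unindented line ends the local-user block
    return users

def audit(users):
    """Return (user, finding) pairs for role sets that need review."""
    findings = []
    for (name, _cls), roles in users.items():
        if AUDIT_ROLE in roles and len(roles) > 1:
            findings.append((name, "security-audit-not-exclusive"))
        elif DEFAULT_ROLE in roles and len(roles) > 1:
            findings.append((name, "default-role-retained"))
        if len(roles) > MAX_ROLES:
            findings.append((name, "more-than-64-roles"))
    auditors = [n for (n, _cls), roles in users.items() if AUDIT_ROLE in roles]
    if len(auditors) == 1:
        findings.append((auditors[0], "sole-security-audit-user"))
    return findings
```

Calling `audit(parse_local_users(SAMPLE_CONFIG))` reports `ops1` for the retained default role and `auditor1` as the only security-audit user; `guest1`, whose only role is the default, is not flagged.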