Assigning user roles to local AAA authentication users

Configure user roles for local AAA authentication users in their local user accounts. Every local user has a default user role. If this default user role is not suitable, delete the default user role.

If a local user is the only user with the security-audit user role, the user cannot be deleted.

The security-audit user role is mutually exclusive with other user roles.

To assign a user role to a local user:

1. Enter system view.
   Command: system-view
   Remarks: N/A

2. Create a local user and enter local user view.
   Command: local-user user-name class { manage | network }
   Remarks: N/A

3. Authorize the user to have a user role.
   Command: authorization-attribute user-role role-name
   Remarks: Repeat this step to assign the user to up to 64 user roles. By default, network-operator is assigned to local users created by a network-admin or level-15 user.

4. (Optional.) Remove undesirable user roles.
   Command: undo authorization-attribute user-role role-name
   Remarks: A user can use the collection of system items and resources accessible to any user role assigned to the user. If a user role is undesirable (for example, the default user role), you must use this command to delete the user role.
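
Because a user's rights are the union of all assigned roles, a default role that is left in place after step 3 widens access without anyone noticing. The following added example (not vendor code) audits a saved configuration against the rules on this page. It assumes the configuration echoes the commands above with attribute lines indented under each local-user line; the sample text and user names are constructed.

```python
import re

MAX_ROLES = 64  # per-user limit stated in step 3
DEFAULT_ROLE, AUDIT_ROLE = "network-operator", "security-audit"

# Constructed sample. Assumption: the saved config echoes the commands from the
# procedure, with attribute lines indented under each local-user line.
SAMPLE_CONFIG = """\
local-user alice class manage
 authorization-attribute user-role network-admin
 authorization-attribute user-role network-operator
#
local-user auditor class manage
 authorization-attribute user-role security-audit
#
local-user guest class network
 authorization-attribute user-role network-operator
#
"""

USER_RE = re.compile(r"^local-user (\S+) class (manage|network)\s*$")
ROLE_RE = re.compile(r"^\s+authorization-attribute user-role (\S+)\s*$")

def parse_roles(config):
    """Return {user name: set of assigned roles}."""
    roles, current = {}, None
    for line in config.splitlines():
        user, role = USER_RE.match(line), ROLE_RE.match(line)
        if user:
            current = roles.setdefault(user.group(1), set())
        elif role and current is not None:
            current.add(role.group(1))
        elif not line.startswith(" "):
            current = None  # left the local-user block
    return roles

def audit(config):
    """Return sorted (user, finding) tuples for the rules on this page."""
    roles, findings = parse_roles(config), []
    for user, assigned in roles.items():
        if len(assigned) > 1 and AUDIT_ROLE in assigned:
            findings.append((user, "security-audit combined with other roles"))
        if len(assigned) > 1 and DEFAULT_ROLE in assigned:
            findings.append((user, "default network-operator still assigned"))
        if len(assigned) > MAX_ROLES:
            findings.append((user, "more than 64 roles"))
    auditors = [u for u, a in roles.items() if AUDIT_ROLE in a]
    if len(auditors) == 1:
        findings.append((auditors[0], "sole security-audit user, cannot be deleted"))
    return sorted(findings)
```

On the constructed sample, alice is flagged for keeping the default role next to network-admin, auditor is reported as the only security-audit user, and guest (default role only) produces no finding.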