Configuring resource access policies

Every user role has one interface policy, VLAN policy, and VPN instance policy. By default, these policies permit a user role to access any interface, VLAN, and VPN instance. You can configure the policies of a user-defined user role or a predefined level-n user role to limit its access to interfaces, VLANs, and VPN instances. The policy configuration takes effect only on users who are logged in with the user role after the configuration.