Assigning user roles to local AAA authentication users

Configure user roles for local AAA authentication users in their local user accounts. Every local user has a default user role. If this default user role is not suitable, remove it.

If a local user is the only user with the security-audit user role, the user cannot be deleted.

The security-audit user role is mutually exclusive with other user roles.

When you assign the security-audit user role to a local user, the system requests confirmation to remove all the other user roles from the user.
When you assign the other user roles to a local user who has the security-audit user role, the system requests confirmation to remove the security-audit role from the user.

To assign a user role to a local user:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Create a local user and enterits view.	local-user user-name class { manage \| network }	N/A
3. Authorize the user to have a user role.	authorization-attribute user-role role-name	Repeat this step to assign a maximum of 64 user roles to the user. By default, the network-operator user role is assigned to local users created by a network-admin or level-15 user.

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Create a local user and enterits view.

local-user user-name class { manage | network }

N/A

3. Authorize the user to have a user role.

authorization-attribute user-role role-name

Repeat this step to assign a maximum of 64 user roles to the user.

By default, the network-operator user role is assigned to local users created by a network-admin or level-15 user.

prev	up	next
Assigning user roles to remote AAA authentication users	home	Assigning user roles to non-AAA authentication users on user lines