Limitations

  • A user can only be configured to one role.

  • You can give access to the "command:write memory" deny rule by saving your changes when logging out of your session.

  • You cannot add the default-security-group rules to any other group.

  • The command strings are not validated. You must provide a valid command string.

  • If you configure multiple interface policy rules, only the last entry is taken into effect. All other interface policy rules are ignored.

  • If you configure multiple VLAN policy rules, only the last entry is taken into effect. All other VLAN policy rules are ignored.

  • RBAC supports a maximum of 1000 rules per role, which equals to 64000 rules per system (1000 rules x 64 roles).