Technical References

ManualsBrandsCisco ManualsNetwork RegistrarCisco Network Registrar 7.1

201

202

203

204

205

206

207

208

209

210

Status

See Also

group, admin

Attributes

all-sub-roles bool default = true

Controls whether to ignore the sub-role attribute for this attribute.

If this attribute is unset, or if it is set to true, then the server

ignores the value of the sub-roles attribute and this subrole is

authorized for all sub-roles. If this attribute is false, then the

sub-roles attribute provides the list of subroles for which this

role instance is authorized. If the unconstrained attribute

is set to true, then the values of this attribute and the

of the sub-roles attribute are ignored, and the sub-role

authorization for the role is for all sub-roles.

groups string

Lists the groups with which this role is associated. Any member of

a listed group can perform the operations that the role allows.

name string required,unique

Identifies the name of this role.

read-only bool default = false

Indicates that all constraints associated with this role are

limited to read-only access.

role string

Specifies the base role for this object. The base role defines

operations, such as modifying a zone, that are allowed and

the further constraints on these operations. For example,

a constrained role could limit the list of zones to a specific

list of Owners.

sub-roles string

Lists subroles associated with this role instance. If the

all-sub-roles attribute is unset, or if it is set to true,

then this attribute is ignored. If the all-sub-roles

attribute is set to false, then this attribute specifies

the list of subroles for this role instance, and an administrator

associated with this role has authorization limited to the

specified subroles. If the admininistrator has multiple roles

in which the role attribute is the same, then subrole authorization

for that role should be taken to be the union of all the sets of

subroles from the individual role instances; and, if any of these

role instances has the all-sub-roles attribute set to true,

then subrole authorization for that role is for all sub-roles.

Also, if any role instance for a matching role has the unconstrained