CLI Guide
userrole
Create user roles for the role-based security model.
Syntax
userrole name inherit existing-role-name
To delete a role name, use the no userrole name command. Note that the reserved
role names may not be deleted.
Parameters
name Enter a text string for the name of the user up to 63
characters. It cannot be one of the system defined roles
(sysadmin, secadmin, netadmin, netoperator).
inherit existing-
role-name
Enter the inherit keyword then specify the system defined
role to inherit permissions from (sysadmin, secadmin,
netadmin, netoperator).
Defaults none
Command Modes CONFIGURATION
Supported Modes Full–Switch
ommand History
Version Description
9.9(0.0) Introduced on the FN IOM.
9.7(0.0) Introduced on the S6000-ON.
9.5(0.0) Introduced on the Z9000, S6000, S4820T, S4810, MXL.
Usage Information
Instead of using the system defined user roles, you can create a new user role that
best matches your organization. When you create a new user role, you first inherit
permissions from one of the system defined roles. Otherwise you would have to
create a user role from scratch. You then restrict commands or add commands to
that role. For information about this topic, See Modifying Command Permissions
for Roles.
NOTE: You can change user role permissions on system pre-defined user
roles or user-defined user roles.
Important Points to Remember
Consider the following when creating a user role:
• Only the system administrator and user-defined roles inherited from the system
administrator can create roles and usernames. Only the system administrator,
security administrator, and roles inherited from these can use the role
command to modify command permissions. The security administrator and
roles inherited by security administrator can only modify permissions for
commands they already have access to.
• Make sure you select the correct role you want to inherit.
Security
1375