Service Manual

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S3048-ON

1331

Role-Based Access Control Commands

With Role-Based Access Control (RBAC), access and authorization is controlled based on a user’s role. Users are granted

permissions based on their user roles, not on their individual user ID. User roles are created for job functions and through those roles

they acquire the permissions to perform their associated job function.

This section describes the syntax and usage of RBAC-specic commands. You can nd information on other related security

commands in this chapter:

• aaa accounting

• aaa authentication login

• aaa authorization commands

• authorization

• show accounting

• show users

• username

aaa authorization role-only

Congure authentication to use the user’s role only when determining if access to commands is permitted.

Syntax

aaa authorization role-only

To return to the default setting, use the no aaa authentication role-only command.

Parameters

name

Enter a text string for the name of the user up to 63 characters. It cannot be one

of the system dened roles (sysadmin, secadmin, netadmin, netoperator).

inherit existing-role-

name

Enter the inherit keyword then specify the system dened role to inherit

permissions from (sysadmin, secadmin, netadmin, netoperator).

Defaults none

Command Modes CONFIGURATION

Command History Version

Version Description

9.8(0.0) Introduced on the S3048-ON and S4048-ON.

9.7(0.0) Introduced on the S6000-ON.

9.5(0.0) Introduced on the Z9000, S6000, S4820T, S4810, and MXL.

Usage Information

By default, access to commands are determined by the user’s role (if dened) or by the user’s privilege level.

If the aaa authorization role-only command is enabled, then only the user’s role is used.

Before you enable role-based only AAA authorization:

1. Locally dene a system administrator user role.This will give you access to login with full permissions

even if network connectivity to remote authentication servers is not available.

2. Congure login authentication on the console. This ensures that all users are properly identied through

authentication no matter the access point

3. Specify an authentication method (RADIUS, TACACS+, or Local).

4. Specify authorization method (RADIUS, TACACS+ or Local).

1334

Security