R211x-HP Flexfabric 11900 Fundamentals Configuration Guide

Creating user roles
In addition to the predefined user roles, you can create up to 64 custom user roles for granular access
control.
To create a user role:
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Create a user role and enter user role view. | role name role-name | By default, the system has 21 predefined user roles: network-admin, network-operator, mdc-admin, mdc-operator, level-n (where n equals an integer in the range 0 to 15), and security-audit. Among these user roles, only the permissions and description of the user roles level-0 to level-14 are configurable. |
| 3. (Optional.) Configure a description for the user role. | description text | By default, a user role has no description. |
Configuring user role rules
You can configure command, feature, and feature group rules to permit or deny the access of a user role
to specific commands. The configuration in the non-predefined user role view does not take effect for the
MDC.
You can configure up to 256 user-defined rules for a user role, but the total number of user-defined user
role rules in the system cannot exceed 1024.
If two user-defined rules of a user role conflict, the one with the higher ID takes effect.
For level-0 to level-14 user roles, if a predefined user role rule and a user-defined user role rule conflict, the
user-defined user role rule takes effect.
Any rule modification, addition, or removal for a user role takes effect only on users who are logged in
with the user role after the change.
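The precedence and limit rules above can be checked offline when auditing a role design. The following Python sketch is an added example, not part of the HP guide or the device software. The Rule class, the glob-style pattern matching, and the sample rules are assumptions made for illustration; they are not the device's rule syntax.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

MAX_RULES_PER_ROLE = 256   # per-role limit stated in the guide
MAX_RULES_SYSTEM = 1024    # system-wide limit stated in the guide

@dataclass(frozen=True)
class Rule:                # hypothetical model, not device syntax
    rule_id: int
    action: str            # "permit" or "deny"
    pattern: str           # assumption: shell-style glob over the command line
    user_defined: bool = True

def check_limits(roles):
    """Return limit violations for a {role_name: [Rule, ...]} mapping."""
    problems, total = [], 0
    for name, rules in roles.items():
        count = sum(1 for r in rules if r.user_defined)
        total += count
        if count > MAX_RULES_PER_ROLE:
            problems.append(f"{name}: {count} user-defined rules (max {MAX_RULES_PER_ROLE})")
    if total > MAX_RULES_SYSTEM:
        problems.append(f"system: {total} user-defined rules (max {MAX_RULES_SYSTEM})")
    return problems

def effective_rule(rules, command):
    """Return the rule that decides access to `command`, or None if none matches."""
    matches = [r for r in rules if fnmatchcase(command, r.pattern)]
    if not matches:
        return None        # the guide excerpt does not state the no-match default
    # A user-defined rule beats a predefined one; among user-defined rules the
    # higher ID wins. Ordering predefined rules by ID is an assumption.
    return max(matches, key=lambda r: (r.user_defined, r.rule_id))

# Constructed sample: one predefined rule plus three user-defined rules.
SAMPLE_RULES = [
    Rule(1, "permit", "display *", user_defined=False),
    Rule(5, "permit", "ping *"),
    Rule(10, "deny", "display current-configuration*"),
    Rule(20, "permit", "display current-configuration interface*"),
]

if __name__ == "__main__":
    for cmd in ("display version", "display current-configuration",
                "display current-configuration interface Ten-GigabitEthernet1/0/1"):
        rule = effective_rule(SAMPLE_RULES, cmd)
        print(f"{cmd!r}: {rule.action} (rule {rule.rule_id})")
    print(check_limits({"level-1": SAMPLE_RULES}))
```

A broad deny followed by a narrower permit with a higher ID, as in the sample, only behaves as intended because of the higher-ID-wins rule, so rule numbering is part of the access policy and belongs in review.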
To configure rules for a user role:
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter user role view. | role name role-name | N/A |