Role-Based Access Control Commands - Dell S6000 Reference Manual

Role-Based Access Control Commands

With Role-Based Access Control (RBAC), access and authorization is controlled based on a user's role.
Users are granted permissions based on their user roles, not on their individual user ID. User roles are
created for job functions and through those roles they acquire the permissions to perform their
associated job function.
This section describes the syntax and usage of RBAC-specific commands. You can find information on
other related security commands in this chapter:
• aaa accounting
• aaa authentication login
• aaa authorization commands
• authorization
• show accounting
• show users
• username
aaa authorization role-only
Configure authentication to use the user's role only when determining if access to commands is
permitted.
Syntax
aaa authorization role-only
To return to the default setting, use the no aaa authentication role-only
command.
Parameters
name
inherit existing-
role-name
Defaults none
Command CONFIGURATION
Modes
Command
Version 9.5.
History
(0.0)
Usage
By default, access to commands are determined by the user's role (if defined) or by
Information
the user's privilege level. If the aaa authorization role-only command is
enabled, then only the user's role is used.
Before you enable role-based only AAA authorization:
1308
Enter a text string for the name of the user up to 63
characters. It cannot be one of the system defined roles
(sysadmin, secadmin, netadmin, netoperator).
Enter the inherit keyword then specify the system defined
role to inherit permissions from (sysadmin, secadmin,
netadmin, netoperator).
Introduced on the Z9000, S6000, S4820T, S4810, MXL
Security