Step | Command | Remarks
3. (Optional.) Configure a description for the user role. | description text | By default, a user role does not have a description.
Configuring user role rules
You can configure user role rules to permit or deny the access of a user role to specific commands and
XML elements.
Configuration restrictions and guidelines
When you configure RBAC user role rules, follow these restrictions and guidelines:
• You can configure a maximum of 256 user-defined rules for a user role, but the total number of user-defined user role rules in the system cannot exceed 1024.
• If two user-defined rules of the same type conflict, the rule with the higher ID takes effect. For example, a user role can use the tracert command but not the ping command if the user role contains rules configured by using the following commands:
    rule 1 permit command ping
    rule 2 permit command tracert
    rule 3 deny command ping
• For level-0 to level-14 user roles, if a predefined user role rule and a user-defined user role rule conflict, the user-defined user role rule takes effect.
• Any rule modification, addition, or removal for a user role takes effect only on users who are logged in with the user role after the change.
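The "higher ID takes effect" guideline above, as an added example that is not part of the original guide: a small Python audit that parses the rule lines of one user role, resolves conflicts, and lists lower-ID rules that a conflicting higher-ID rule overrides. It assumes commands are compared as exact strings (any pattern matching the device performs is not modelled) and covers only user-defined command rules; the function names are hypothetical.

```python
import re

MAX_RULES_PER_ROLE = 256  # per-role limit stated in the guidelines above

# Matches lines of the form shown in the guide: rule <id> permit|deny command <text>
RULE_RE = re.compile(r"^rule\s+(\d+)\s+(permit|deny)\s+command\s+(.+)$")

# The three rules from the guide's own example.
SAMPLE_CONFIG = """
rule 1 permit command ping
rule 2 permit command tracert
rule 3 deny command ping
"""

def parse_rules(config_text):
    """Return {rule_id: (action, command)} for every command rule line."""
    rules = {}
    for line in config_text.splitlines():
        match = RULE_RE.match(line.strip())
        if match:
            rules[int(match.group(1))] = (match.group(2), match.group(3))
    if len(rules) > MAX_RULES_PER_ROLE:
        raise ValueError(f"{len(rules)} rules exceeds the per-role limit")
    return rules

def effective_rules(rules):
    """Map each command to the (rule_id, action) that wins: higher ID overrides."""
    winners = {}
    for rule_id in sorted(rules):
        action, command = rules[rule_id]
        winners[command] = (rule_id, action)
    return winners

def decision(rules, command):
    """Return 'permit', 'deny', or None when no user-defined rule names the command."""
    winner = effective_rules(rules).get(command)
    return winner[1] if winner else None

def shadowed_rules(rules):
    """Return IDs of rules overridden by a conflicting rule with a higher ID."""
    winners = effective_rules(rules)
    return sorted(
        rule_id for rule_id, (action, command) in rules.items()
        if winners[command][0] != rule_id and winners[command][1] != action
    )

if __name__ == "__main__":
    parsed = parse_rules(SAMPLE_CONFIG)
    for cmd in ("ping", "tracert"):
        print(cmd, "->", decision(parsed, cmd))
    print("overridden rule IDs:", shadowed_rules(parsed))
```

Overridden rules are worth reviewing during a role audit: a permit that a later deny cancels is harmless, but a deny that a later permit cancels means the role has more access than the lower-ID rule suggests.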
Configuration procedure
To configure rules for a user role:
Step | Command | Remarks
1. Enter system view. | system-view | N/A
2. Enter user role view. | role name role-name | N/A