Parameters
name role-name: Specifies a user role name, a case-sensitive string of 1 to 63 characters. If you do
not specify a user role name, the command displays information about all user roles, including the
predefined user roles.
Examples
# Display information about the user role 123.
<Sysname> display role name 123
Role: 123
Description: new role
VLAN policy: deny
Permitted VLANs: 1 to 5, 7 to 8
Interface policy: deny
Permitted interfaces: Ten-GigabitEthernet1/0/1 to Ten-GigabitEthernet1/0/2,
Vlan-interface1 to Vlan-interface20
VPN instance policy: deny
Permitted VPN instances: vpn, vpn1, vpn2
-------------------------------------------------------------------
Rule
Perm
-------------------------------------------------------------------
1
permit RWX
2
deny
3
permit
4
permit R--
5
permit RW-
R:Read W:Write X:Execute
Table 6 Command output
Field
Role
Description
VLAN policy
Permitted VLANs
Interface policy
Permitted interfaces
VPN instance policy
Type
Scope
feature-group abc
-W-
feature
command
xml-element
oid
Description
User role name.
Predefined user role names:
•
network-admin.
•
network-operator.
•
level-n (where n represents an integer in the range of 0 to 15).
•
security-audit.
User role description you have configured for easy identification.
VLAN policy of the user role:
•
deny—Denies access to any VLAN except permitted VLANs.
•
permit (default)—Default VLAN policy, which enables the user
role to access any VLAN.
VLANs accessible to the user role.
Interface policy of the user role:
•
deny—Denies access to any interface except permitted
interfaces.
•
permit (default)—Default interface policy, which enables the
user role to access any interface.
Interfaces accessible to the user role.
VPN instance policy of the user role:
Entity
ldap
system ; radius sc *
-
1.2.1
48