Configuring Roles; Creating User Roles And Rules - Cisco Nexus 9000 Series Configuration Manual

Configuring Roles

Command or Action
switch(config)# username NewUser ssh-cert-dn "/CN
= NewUser, OU = Cisco Demo, O = Cisco, C = US"
rsa
Example:
switch(config)# username jsmith ssh-cert-dn "/O =
ABCcompany, OU = ABC1,
emailAddress = jsmith@ABCcompany.com, L =
Metropolis, ST = New York, C = US, CN = jsmith"
rsa
Step 5 exit
Example:
switch(config)# exit
switch#
Step 6
(Optional) show user-account
Example:
switch# show user-account
Step 7
(Optional) copy running-config startup-config
Example:
switch# copy running-config startup-config
Related Topics
Configuring Roles
This section describes how to configure user roles.

Creating User Roles and Rules

You can configure up to 64 user roles. Each user role can have up to 256 rules. You can assign a user role to
more than one user account.
The rule number that you specify determines the order in which the rules are applied. Rules are applied in
descending order. For example, if a role has three rules, rule 3 is applied before rule 2, which is applied before
rule 1.
Note
Regardless of the read-write rule configured for a user role, some commands can be executed only through
the predefined network-admin role.
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
162
Configuring Roles, on page 162
Creating User Roles and Rules, on page 162
Configuring User Accounts and RBAC
Purpose
512 characters and must follow the format shown in the
examples. Make sure the email address and state are
configured as emailAddress and ST, respectively.
Exits global configuration mode.
Displays the role configuration.
Copies the running configuration to the startup
configuration.