Configuring Roles And Profiles; Configuring Rules And Features For Each Role - Cisco MDS 9000 Series Configuration Manual

Configuring Roles and Profiles

Tip Any role, when created, does not allow access to the required commands immediately. The administrator must
configure appropriate rules for each role to allow access to the required commands.
Configuring Roles and Profiles
To create an additional role or to modify the profile for an existing role, follow these steps:
Note
Only users belonging to the network-admin role can create roles.
Procedure
Step 1
switch# config terminal
Enters configuration mode.
Step 2
switch(config)# role name techdocs
switch(config-role)#
Places you in the mode for the specified role (techdocs).
Note
Step 3 switch(config)# no role name techdocs
(Optional) Deletes the role called techdocs.
Step 4
switch(config-role)# description Entire Tech Docs group
Assigns a description to the new role. The description is limited to one line and can contain spaces.
Step 5 switch(config-role)# no description
(Optional) Resets the description for the Tech Docs group.

Configuring Rules and Features for Each Role

Up to 16 rules can be configured for each role. The user-specified rule number determines the order in which
the rules are applied. For example, rule 1 is applied before rule 2, which is applied before rule 3, and so on.
A user not belonging to the network-admin role cannot perform commands related to roles.
Note
Regardless of the read-write rule configured for a user role, some commands can be executed only through
the predefined network-admin role.
Cisco MDS 9000 Series Security Configuration Guide, Release 8.x
12
The role submode prompt indicates that you are now in the role submode. This submode is now
specific to the techdocs group.
Common Roles