You cannot delete the predefined user roles or change the permissions assigned to network-admin,
network-operator, level-15, or security-audit.
You cannot assign the security-audit user role to non-AAA authentication users.
The access permissions of the level-0 to level-14 user roles can be modified through user role rules
and resource access policies. However, you cannot make changes on the predefined access
permissions of these user roles. For example, you cannot change the access permission of these
user roles to the display history-command all command.
Examples
# Create user role role1 and enter its view.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1]
Related commands
display role
interface policy deny
rule
vlan policy deny
vpn-instance policy deny
role default-role enable
Use role default-role enable to enable the default user role feature for remote AAA users.
Use undo role default-role enable to restore the default.
Syntax
role default-role enable [ role-name ]
undo role default-role enable
Default
The default user role feature is disabled. AAA users who do not have a user role cannot log in to the
device.
Views
System view
Predefined user roles
network-admin
Parameters
role-name: Specifies a user role by its name for the default user role. The user role must already
exist. The argument is a case-sensitive string of 1 to 63 characters.
Usage guidelines
The default user role feature assigns the default user role to AAA-authenticated users if the
authentication server (local or remote) does not assign any user roles to the users. These users are
allowed to access the system with the default user role.
For local authorization, this command is required if you do not use the
authorization-attribute user role command to assign user roles to local users.
If AAA users have been assigned user roles, they log in with the user roles.
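The following Python check is an added example, not part of the vendor documentation. It audits a saved configuration for the behaviour described in the role default-role enable usage guidelines: whether the feature is on, which role users without a role would receive, and which local users have no role assigned. The configuration layout (local-user blocks with space-indented child lines, the authorization-attribute user-role spelling), the finding labels, and the choice to treat network-admin and level-15 as too broad for a default are assumptions of this example.

```python
import re

# Predefined role names that appear on this page.
PREDEFINED = {"network-admin", "network-operator", "security-audit"} | {
    f"level-{n}" for n in range(16)}
# Assumption of this example: these two are treated as too broad for a default.
HIGH_PRIVILEGE = {"network-admin", "level-15"}

DEFAULT_RE = re.compile(r"^(undo )?role default-role enable(?: (\S+))?\s*$")
ROLE_RE = re.compile(r"^role name (\S+)")
USER_RE = re.compile(r"^local-user (\S+)")
ATTR_RE = re.compile(r"^ +authorization-attribute user[- ]role \S+")

# Constructed sample configuration, not output from a real device.
SAMPLE_CONFIG = """\
role name role1
 rule 1 permit command display *
#
role default-role enable network-admin
#
local-user ops class manage
 authorization-attribute user-role role1
#
local-user guest class manage
 service-type ssh
"""

def audit_default_role(config):
    """Report the default-role state and the risks it creates."""
    enabled, role, defined, users, current = False, None, set(), {}, None
    for line in config.splitlines():
        if not line.startswith(" "):
            current = None  # a top-level line closes any local-user view
        if m := DEFAULT_RE.match(line):
            enabled = m.group(1) is None
            role = m.group(2) if enabled else None
        elif m := ROLE_RE.match(line):
            defined.add(m.group(1))
        elif m := USER_RE.match(line):
            current = m.group(1)
            users.setdefault(current, False)
        elif current and ATTR_RE.match(line):
            users[current] = True
    roleless = sorted(u for u, has_role in users.items() if not has_role)
    findings = []
    if enabled and role in HIGH_PRIVILEGE:
        findings.append("privileged-default")   # users without a role get broad access
    if enabled and role and role not in PREDEFINED | defined:
        findings.append("undefined-default")    # role-name must already exist
    if roleless:
        findings.append("roleless-get-default" if enabled else "roleless-cannot-log-in")
    return {"enabled": enabled, "role": role, "roleless": roleless, "findings": findings}
```

When the command appears without a role-name, the check reports the role as None rather than guessing which role the device applies.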