Verifying Roles Using The Cli - Cisco 9134 - MDS Multilayer Fabric Switch Troubleshooting Manual

Chapter 18 Troubleshooting Users and Roles
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m

Verifying Roles Using the CLI

To verify user role-based access using the CLI, follow these steps:
Step 1 Use the show user-account command to view the roles assigned to the user.
switch# show user-account user1
user:user1
no password set. local login not allowed
Remote login through RADIUS is possible
Use the username command to modify the roles assigned to a user.
Step 2
switch# no username user1 role vsan-admin
Step 3 Use the show role command to view the rules assigned to the role.
switch# show role sangroup
Role: sangroup
Description: SAN management group
vsan policy: permit
---------------------------------------------
Rule
---------------------------------------------
Use the role command to modify the rules assigned to a role.
Step 4
switch# role name sangroup
switch(config-role)# no rule 4
switch(config-role)# rule 4 deny exec feature fcping
OL-9285-05
this user account has no expiry date
roles:sangroup vsan-admin
Type Command-type
1. permit config
2. deny config
3. permit debug
4. permit exec
Feature
*
fspf
zone
fcping
Cisco MDS 9000 Family Troubleshooting Guide, Release 3.x
User and Role Issues
18-9