Administrator Guide

ManualsBrandsDell ManualsAccess PlatformsNetworking S3100 Series

801

802

803

804

805

806

807

808

809

810

System-Dened RBAC User Roles

By default, the Dell EMC Networking OS provides 4 system dened user roles. You can create up to 8 additional user roles.

NOTE: You cannot delete any system dened roles.

The system dened user roles are as follows:

• Network Operator (netoperator) - This user role has no privilege to modify any conguration on the switch. You can access Exec mode

(monitoring) to view the current conguration and status information.

• Network Administrator (netadmin): This user role can congure, display, and debug the network operations on the switch. You can

access all of the commands that are available from the network operator user role. This role does not have access to the commands

that are available to the system security administrator for cryptography operations, AAA, or the commands reserved solely for the

system administrator.

• Security Administrator (secadmin): This user role can control the security policy across the systems that are within a domain or network

topology. The security administrator commands include FIPS mode enablement, password policies, inactivity timeouts, banner

establishment, and cryptographic key operations for secure access paths.

• System Administrator (sysadmin). This role has full access to all the commands in the system, exclusive access to commands that

manipulate the le system formatting, and access to the system shell. This role can also create user IDs and user roles.

The following summarizes the modes that the predened user roles can access.

Role Modes

netoperator

netadmin Exec Cong Interface Router IP Route-map Protocol MAC

secadmin Exec Cong Line

sysadmin Exec Cong Interface Line Router IP Route-map Protocol MAC

User Roles

This section describes how to create a new user role and congure command permissions and contains the following topics.

• Creating a New User Role

• Modifying Command Permissions for Roles

• Adding and Deleting Users from a Role

Creating a New User Role

Instead of using the system dened user roles, you can create a new user role that best matches your organization. When you create a new

user role, you can rst inherit permissions from one of the system dened roles. Otherwise you would have to create a user role’s command

permissions from scratch. You then restrict commands or add commands to that role

NOTE

: You can change user role permissions on system pre-dened user roles or user-dened user roles.

Important Points to Remember

Consider the following when creating a user role:

• Only the system administrator and user-dened roles inherited from the system administrator can create roles and user names. Only the

system administrator, security administrator, and roles inherited from these can use the "role" command to modify command

806

Security