Administrator Guide

In the following example, the command protocol permissions are reset to their original setting for one or more of the system-defined roles
and any roles that inherited permissions from them.
Dell(conf)#role configure reset protocol
Adding and Deleting Users from a Role
To create a user name that is authenticated based on a user role, use the username name password encryption-type password role
role-name command in CONFIGURATION mode.
Example
The following example creates a user name that is authenticated based on a user role.
Dell(conf)#username john password 0 password role secadmin
The following example deletes a user role.
Dell(conf)#no username john
NOTE: If you already have a user ID that exists with a privilege level, you can add the user role to username that has a privilege
The following example adds a user to the secadmin user role.
Dell(conf)#username john role secadmin password 0 password
AAA Authentication and Authorization for Roles
This section describes how to congure AAA Authentication and Authorization for Roles.
Conguration Task List for AAA Authentication and Authorization for Roles
This section contains the following AAA Authentication and Authorization for Roles conguration tasks:
Conguring AAA Authentication for Roles
Conguring AAA Authorization for Roles
Conguring TACACS+ and RADIUS VSA Attributes for RBAC
Congure AAA Authentication for Roles
Authentication services verify the user ID and password combination. Users with defined roles and users with privileges are authenticated
with the same mechanism. There are six methods available for authentication: radius, tacacs+, local, enable, line, and none.
When role-based only AAA authorization is enabled, the enable, line, and none methods are not available. Each of these three methods
allows users to be verified with either a password that is not specific to their user ID or with no password at all. Because of the lack of
security these methods are not available for role only mode. When the system is in role-only mode, users that have only privilege levels are
denied access to the system because they do not have a role. For information about role only mode, see Configuring Role-based Only AAA
Authorization.
NOTE: Authentication services only validate the user ID and password combination. To determine which commands are permitted
for users, configure authorization. For information about how to configure authorization for roles, see Configure AAA
Authorization for Roles.
To congure AAA authentication, use the aaa authentication command in CONFIGURATION mode.
aaa authentication login {method-list-name | default} method [… method4]
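The following check is an added example, not part of the Dell guide: a Python audit of a saved configuration that flags the two conditions described above as failing in role-only mode, namely login method lists that use enable, line, or none, and local users that have no role. The sample configuration is constructed, and the function names and the `privilege 15` keyword form are assumptions; only the `password encryption-type password` and `role role-name` forms shown on this page are parsed.

```python
import re

# Methods named in the guide; the last three are not available in role-only mode.
ALL_METHODS = {"radius", "tacacs+", "local", "enable", "line", "none"}
ROLE_ONLY_BLOCKED = {"enable", "line", "none"}

LOGIN_RE = re.compile(r"^aaa authentication login (\S+) (.+)$")
USER_RE = re.compile(r"^username (\S+) (.+)$")

def parse_user_options(tokens):
    """Map each keyword to its arguments; 'password' takes encryption-type and password."""
    opts, i = {}, 0
    while i < len(tokens):
        width = 2 if tokens[i] == "password" else 1
        opts[tokens[i]] = tokens[i + 1:i + 1 + width]
        i += 1 + width
    return opts

def audit_role_only(config_text):
    """Return (line_number, finding) pairs for settings that fail in role-only mode."""
    findings = []
    for number, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        login, user = LOGIN_RE.match(line), USER_RE.match(line)
        if login:
            for method in login.group(2).split():
                if method not in ALL_METHODS:
                    findings.append((number, f"list {login.group(1)}: unknown method {method}"))
                elif method in ROLE_ONLY_BLOCKED:
                    findings.append((number, f"list {login.group(1)}: {method} not available in role-only mode"))
        elif user and not parse_user_options(user.group(2).split()).get("role"):
            findings.append((number, f"user {user.group(1)}: no role, denied in role-only mode"))
    return findings

# Constructed sample configuration (not from the guide); 'privilege 15' is an assumed form.
SAMPLE = """\
aaa authentication login default tacacs+ local
aaa authentication login console local line
username john password 0 password role secadmin
username ops password 0 ops-secret privilege 15
username amy role secadmin password 0 role
"""

if __name__ == "__main__":
    for number, finding in audit_role_only(SAMPLE):
        print(f"line {number}: {finding}")
```

The last sample line uses the literal password "role" to show why the options are parsed by keyword position rather than by searching for the word role.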