Manualshelf

Administrator Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S4048-ON
821822823824825826827828829830
System-Defined RBAC User Roles
By default, the Dell Networking OS provides 4 system defined user roles. You can create up to 8 additional user roles.
NOTE: You cannot delete any system defined roles.
The system defined user roles are as follows:
Network Operator (netoperator) - This user role has no privilege to modify any configuration on the switch. You can access Exec
mode (monitoring) to view the current configuration and status information.
Network Administrator (netadmin): This user role can configure, display, and debug the network operations on the switch. You can
access all of the commands that are available from the network operator user role. This role does not have access to the commands
that are available to the system security administrator for cryptography operations, AAA, or the commands reserved solely for the
system administrator.
Security Administrator (secadmin): This user role can control the security policy across the systems that are within a domain or
network topology. The security administrator commands include FIPS mode enablement, password policies, inactivity timeouts, banner
establishment, and cryptographic key operations for secure access paths.
System Administrator (sysadmin). This role has full access to all the commands in the system, exclusive access to commands that
manipulate the file system formatting, and access to the system shell. This role can also create user IDs and user roles.
The following summarizes the modes that the predefined user roles can access.
Role Modes
netoperator
netadmin Exec Config Interface Router IP Route-map Protocol MAC
secadmin Exec Config Line
sysadmin Exec Config Interface Line Router IP Route-map Protocol MAC
User Roles
This section describes how to create a new user role and configure command permissions and contains the following topics.
Creating a New User Role
Modifying Command Permissions for Roles
Adding and Deleting Users from a Role
Creating a New User Role
Instead of using the system defined user roles, you can create a new user role that best matches your organization. When you create a
new user role, you can first inherit permissions from one of the system defined roles. Otherwise you would have to create a user role’s
command permissions from scratch. You then restrict commands or add commands to that role. For more information about this topic, see
Modifying Command Permissions for Roles.
NOTE
: You can change user role permissions on system pre-defined user roles or user-defined user roles.
Important Points to Remember
822
Security