Users Guide
Parameters
● default inherit — Reconfigure the default permissions assigned to an authenticated user with a
missing or unknown role or privilege level.
● name inherit — Enter the name of the RADIUS or TACACS+ user role that inherits permissions
from an OS10 user role; 32 characters maximum.
● existing-role-name — Assign the permissions associated with an OS10 user role:
○ sysadmin — Full access to all commands in the system, exclusive access to commands that
manipulate the file system, and access to the system shell. A system administrator can create user
IDs and user roles.
○ secadmin — Full access to configuration commands that set security policy and system access,
such as password strength, AAA authorization, and cryptographic keys. A security administrator
can display security information, such as cryptographic keys, login statistics, and log information.
○ netadmin — Full access to configuration commands that manage traffic flowing through the
switch, such as routes, interfaces, and ACLs. A network administrator cannot access configuration
commands for security features or view security information.
○ netoperator — Access to EXEC mode to view the current configuration with limited access. A
network operator cannot modify any configuration setting on a switch.
Default OS10 assigns the netoperator role to a user authenticated by a RADIUS or TACACS+ server with a
missing or unknown role or privilege level.
Command Mode CONFIGURATION
Usage
Information
When a RADIUS or TACACS+ server authenticates a user and does not return a role or privilege level, or
returns an unknown role or privilege level, OS10 assigns the netoperator role to the user by default.
Use this command to reconfigure the default netoperator permissions.
To assign OS10 user role permissions to an unknown user role, enter the RADIUS or TACACS+ name with
the inherit existing-role-name value. The no version of the command resets the role to
netoperator.
Example
OS10(config)# userrole default inherit sysadmin
Supported
Releases
10.4.0E(R3P3) or later
username password role
Creates an authentication entry based on a user name and password, and assigns a role to the user.
Syntax
username username password password role role [priv-lvl privilege-level]
Parameters
● username username—Enter a text string. A maximum of 32 alphanumeric characters; one
character minimum.
● password password—Enter a text string. A maximum of 32 alphanumeric characters; nine
characters minimum. Password prefixes $1$, $5$, and$6$ are not supported in clear-text passwords.
● role role—Enter a user role:
○ sysadmin — Full access to all commands in the system, exclusive access to commands that
manipulate the file system, and access to the system shell. A system administrator can create user
IDs and user roles.
○ secadmin — Full access to configuration commands that set security policy and system access,
such as password strength, AAA authorization, and cryptographic keys. A security administrator
can display security information, such as cryptographic keys, login statistics, and log information.
○ netadmin — Full access to configuration commands that manage traffic flowing through the
switch, such as routes, interfaces, and ACLs. A network administrator cannot access configuration
commands for security features or view security information.
○ netoperator — Access to EXEC mode to view the current configuration with limited access. A
network operator cannot modify any configuration setting on a switch.
● priv-lvl privilege-level — Enter a privilege level, from 0 to 15. If you do not specify the
priv-lvl option, the system assigns privilege level 1 for the netoperator role and privilege level
15 for the sysadmin, secadmin, and netadmin roles.
1336 Security