Users Guide
Version Description
8.3.11.1 Introduced on the Z9000.
8.3.7.0 Introduced on the S4810.
7.8.1.0 Introduced on the C-Series and S-Series.
Related Commands clear ip dhcp snooping — clears the contents of the DHCP binding table.
Role-Based Access Control Commands
With Role-Based Access Control (RBAC), access and authorization is controlled based on a user’s role. Users are granted
permissions based on their user roles, not on their individual user ID. User roles are created for job functions and through those roles
they acquire the permissions to perform their associated job function.
This section describes the syntax and usage of RBAC-specic commands. You can nd information on other related security
commands in this chapter:
• aaa accounting
• aaa authentication login
• aaa authorization commands
• authorization
• show accounting
• show users
• username
aaa authorization role-only
Congure authentication to use the user’s role only when determining if access to commands is permitted.
Syntax
aaa authorization role-only
To return to the default setting, use the no aaa authentication role-only command.
Parameters
name
Enter a text string for the name of the user up to 63 characters. It cannot be one
of the system dened roles (sysadmin, secadmin, netadmin, netoperator).
inherit existing-role-
name
Enter the inherit keyword then specify the system dened role to inherit
permissions from (sysadmin, secadmin, netadmin, netoperator).
Defaults none
Command Modes CONFIGURATION
Command History Version
Version Description
9.7(0.0) Introduced on the S6000-ON.
9.5(0.0) Introduced on the Z9000, S6000, S4820T, S4810, and MXL.
Usage Information
By default, access to commands are determined by the user’s role (if dened) or by the user’s privilege level.
If the aaa authorization role-only command is enabled, then only the user’s role is used.
Security
1393