Cisco Nexus 5000 Series Switch CLI Software Configuration Guide, NX-OS 4.0(1a)N1 (OL-16597-01, January 2009)

Chapter 22 Configuring User Accounts and RBAC
Configuring RBAC
The following example shows how to create user roles and specify rules:
switch# configure terminal
switch(config)# role name UserA
switch(config-role)# rule deny command clear users
switch(config-role)# rule deny read-write
switch(config-role)# rule permit read feature router-bgp
switch(config-role)# rule deny read-write L3
switch(config-role)# description This role does not allow users to use clear commands
switch(config-role)# exit
switch(config)# show role
switch(config)# copy running-config startup-config
Command / Purpose

Step 3
Command: switch(config-role)# rule number {deny | permit} command command-string
Purpose: Configures a command rule. The command-string argument can contain spaces and regular expressions. For example, “interface ethernet *” includes all Ethernet interfaces. Repeat this command for as many rules as needed.

Command: switch(config-role)# rule number {deny | permit} {read | read-write}
Purpose: Configures a read-only or read-and-write rule for all operations.

Command: switch(config-role)# rule number {deny | permit} {read | read-write} feature feature-name
Purpose: Configures a read-only or read-and-write rule for a feature. Use the show role feature command to display a list of features. Repeat this command for as many rules as needed.

Command: switch(config-role)# rule number {deny | permit} {read | read-write} feature-group group-name
Purpose: Configures a read-only or read-and-write rule for a feature group. Use the show role feature-group command to display a list of feature groups. Repeat this command for as many rules as needed.

Step 4
Command: switch(config-role)# description text
Purpose: (Optional) Configures the role description. You can include spaces in the description.

Step 5
Command: switch(config-role)# exit
Purpose: Exits role configuration mode.

Step 6
Command: switch(config)# show role
Purpose: (Optional) Displays the user role configuration.

Step 7
Command: switch(config)# copy running-config startup-config
Purpose: (Optional) Copies the running configuration to the startup configuration.
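The following is an added example, not part of the Cisco guide: a small Python check that parses role rule lines against the four rule forms listed in Step 3 and reports lines that match none of them, as well as permit rules that grant read-write for all operations. The function names, the finding texts and the sample role body are constructed for illustration; input lines are the text that follows the switch(config-role)# prompt.

```python
import re

# The four rule forms from the Step 3 table:
#   rule number {deny | permit} command command-string
#   rule number {deny | permit} {read | read-write}
#   rule number {deny | permit} {read | read-write} feature feature-name
#   rule number {deny | permit} {read | read-write} feature-group group-name
RULE_RE = re.compile(
    r"^rule\s+(?P<number>\d+)\s+(?P<action>deny|permit)\s+"
    r"(?:command\s+(?P<command>\S.*)"
    r"|(?P<access>read-write|read)"
    r"(?:\s+(?P<scope>feature-group|feature)\s+(?P<name>\S+))?)$"
)

def parse_rule(line):
    """Return the fields of a valid rule line as a dict, or None if it matches no form."""
    m = RULE_RE.match(line.strip())
    return {k: v for k, v in m.groupdict().items() if v is not None} if m else None

def audit_role(lines):
    """Return (line, finding) pairs for rule lines a reviewer should look at."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line.startswith("rule"):
            continue  # description, exit and other non-rule lines
        rule = parse_rule(line)
        if rule is None:
            findings.append((line, "does not match any Step 3 rule form"))
        elif (rule["action"] == "permit" and rule.get("access") == "read-write"
              and "scope" not in rule):
            # No feature or feature-group: the rule covers all operations.
            findings.append((line, "permits read-write for all operations"))
    return findings

# Constructed sample role body (not captured from a real switch).
SAMPLE = """\
rule 4 permit read-write
rule 3 permit read feature router-bgp
rule 2 deny command clear users
rule deny read-write L3
description Constructed example role
"""

if __name__ == "__main__":
    for line, finding in audit_role(SAMPLE.splitlines()):
        print(f"{line!r}: {finding}")
```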