4000 Router Series Fundamentals Command Reference

role

Use role to create a user role and enter user role view. If the user role has been created, you directly enter

the user role view.

Use undo role to delete a user role.

Syntax

role name role-name

undo role name role-name

Default

The system has 19 predefined user roles: network-admin, network-operator, level-n (where n represents an

integer in the range of 0 to 15), and security-audit.

Views

System view

Predefined user roles

network-admin

Parameters

name role-name: Specifies a username. The role-name argument is a case-sensitive string of 1 to 63

characters.

Usage guidelines

You can create up to 64 user roles in addition to the predefined user roles.

To change the permissions assigned to a user role, you must first enter its view.

You cannot delete the predefined user roles or change the permissions assigned to network-admin,

network-operator, level-15, or security-audit.

Level-0 to level-14 users can modify their own permissions for any commands except for the display

history-command all command.

Examples

# Create the user role role1 and enter its view.

<Sysname> system-view

[Sysname] role name role1

[Sysname-role-role1]

Related commands

• display role

• interface policy deny

• rule

• vlan policy deny

• vpn-instance policy deny

role default-role enable

Use role default-role enable to enable the default user role feature for remote AAA users.