R Commands


This command creates roles and access controls for a switch.

Syntax   role-create name name-string scope [local|fabric] access read-only|read-write running-config|no-running-config

name name-string

Specify a name for the role.

scope [local|fabric]

Specify a scope for the role, either local or fabric.

Specify any of the following options:

access read-only|read-write

Specify the access type for the role. The default role is read-write.


Specify if a user with this the role can use the running-config-show command. You may want to limit which users can use running-config-show because the command can expose sensitive password information.


Specify if the user can access the shell.


Specify if the user can execute the sudo command from the shell.

Defaults   None.

Access   CLI


Version 1.2

Command introduced.

Version 2.1

The parameter, vnet, is deprecated. The optional parameters access and running-config are added.

Version 2.6.0

The parameters, shell and sudo, added.

Usage   In a multi-tenant environment, a switch or fabric can be divided into smaller logical segments known as virtual networks (VNETs) using role-based access control (RBAC). This command allows you to create roles and access controls for the local switch or fabric.

Examples  To create the role, network-admin with access to the fabric and running configuration, use the following command:

CLI network-admin@switch > role-create name network-admin scope fabric access read-write running-config

See Also