role-create
This command creates roles and access controls for a switch.
Syntax role-create
|
name name-string |
Specify a name for the role. |
|
scope [local|fabric] |
Specify a scope for the role, either local or fabric. |
|
Specify any of the following options: |
|
|
access read-only|read-write |
Specify the access type for the role. The default role is read-write. |
|
running-config|no-running-config |
Specify if a user with this the role can use the running-config-show command. You may want to limit which users can use running-config-show because the command can expose sensitive password information. |
|
shell|no-shell |
Specify if the user can access the shell. |
|
sudo|no-sudo |
Specify if the user can execute the sudo command from the shell. |
Defaults None.
Access CLI
History
|
Version 1.2 |
Command introduced. |
|
Version 2.1 |
The parameter, vnet, is deprecated. The optional parameters access and running-config are added. |
|
Version 2.6.0 |
The parameters, shell and sudo, added. |
Usage In a multi-tenant environment, a switch or fabric can be divided into smaller logical segments known as virtual networks (VNETs) using role-based access control (RBAC). This command allows you to create roles and access controls for the local switch or fabric.
Examples To create the role, network-admin with access to the fabric and running configuration, use the following command:
CLI network-admin@switch > role-create name network-admin scope fabric access read-write running-config