role-modify
This command modifies roles and access controls for a switch.
Syntax role-modify
|
name name-string |
Specify a name for the role. |
|
scope [local|fabric] |
Specify a scope for the role, either local or fabric. |
|
Specify any of the following options: |
|
|
access read-only|read-write |
Specify the access type for the role. The default role is read-write. |
|
running-config|no-running-config |
Specify if a user with this the role can use the running-config-show command. You may want to limit which users can use running-config-show because the command can expose sensitive password information. |
|
shell|no-shell |
Specify if the user can access the shell. |
|
sudo|no-sudo |
Specify if the user can execute the sudo command from the shell. |
Defaults None.
Access CLI
History
|
Version 2.0 |
Command introduced. |
|
Version 2.1 |
The parameter, name, added. |
|
Version 2.6.0 |
The parameters, shell|no-shell, and sudo|no-sudo added. |
Usage In a multi-tenant environment, a switch or fabric can be divided into smaller logical segments known as virtual networks (VNETs) using role-based access control (RBAC). This command allows you to modify roles and access controls for the local switch or fabric.
Examples To modify a role, from read-write to read-only, use the following command:
CLI network-admin@switch > role-modify local-admin access read-only