role-create
This command creates new user roles, and access controls for a switch.
Syntax role-create
|
name name-string |
Specify the name of the user role. |
|
scope local|fabric |
Specify the scope of the user role. |
|
Specify any of the following options: |
|
|
access read-only|read-write |
Specify the type of access. The default is read-write. |
|
running-config|no-running-config |
Specify to allow or deny displaying of running configuration of switch. |
|
shell|no-shell |
Specify to allow or deny shell access. |
|
sudo|no-sudo |
Specify to permit or deny sudo command from the shell prompt. |
Defaults None.
Access CLI
History
|
Version 1.2 |
Command introduced. |
|
Version 2.1 |
The parameter vnet is deprecated. The optional parameters access, and running-config are added. |
|
Version 2.6.0 |
The parameters shell and sudo added. |
Usage In a multi-tenant environment, a switch or fabric can be divided into smaller logical segments known as virtual networks (vNETs) using role-based access control (RBAC). This command allows you to create roles, and access controls for the local switch or fabric.
Examples
- To create the role, network-admin with access to the fabric, and running configuration, use the following command:
CLI (network-admin@switch) > role-create name network-admin scope fabric access read-write running-config
- To create a user role named role1 having local scope with access to the shell prompt, use the command:
CLI (network-admin@switch) > role-create name role1 scope local shell sudo