role-modify
This command modifies roles, and access controls for a switch.
Syntax role-modify
|
name name-string |
Specify the name of the user role. |
|
Specify any of the following options: |
|
|
access read-only|read-write |
Specify the access type for the role. The default role is read-write. |
|
running-config|no-running-config |
Specify if a user with this the role can use the running-config-show command. You may want to limit which users can use running-config-show because the command can expose sensitive password information. |
|
shell|no-shell |
Specify if the user can access the shell. |
|
sudo|no-sudo |
Specify if the user can execute the sudo command from the shell. |
|
delete-from-users |
Delete the role from the user. |
Defaults None.
Access CLI
History
|
Version 2.0 |
Command introduced. |
|
Version 2.1 |
The parameter name added. |
|
Version 2.6.0 |
The parameters shell|no-shell, and sudo|no-sudo added. |
Usage In a multi-tenant environment, a switch or fabric can be divided into smaller logical segments known as virtual networks (vNETs) using role-based access control (RBAC). This command allows you to modify roles, and access controls for the local switch or fabric.
Examples
- To modify a role, from read-write to read-only, use the following command:
CLI (network-admin@switch) > role-modify local-admin access read-only
- To create a user user1 with local scope, and initial role role1, use the command:
CLI (network-admin@switch) > user-create name user1 scope localinitial-role role1
password:
confirm password: