Role-Based Access Control Commands
With Role-Based Access Control (RBAC), access and authorization are controlled based on a user’s role.
Users are granted permissions based on their user roles, not on their individual user ID. User roles are
created for job functions, and through those roles users acquire the permissions to perform their
associated job function.
This section describes the syntax and usage of RBAC-specific commands. You can find information on
other related security commands in this chapter:
• aaa accounting
• aaa authentication login
• aaa authorization commands
• authorization
• show accounting
• show users
• username
aaa authorization role-only
Configure authentication to use the user’s role only when determining if access to commands is
permitted.
Syntax
aaa authorization role-only
To return to the default setting, use the no aaa authentication role-only command.
Parameters
name                          Enter a text string for the name of the user up to 63 characters. It cannot be one of the system defined roles (sysadmin, secadmin, netadmin, netoperator).
inherit existing-role-name    Enter the inherit keyword then specify the system defined role to inherit permissions from (sysadmin, secadmin, netadmin, netoperator).
Defaults none
Command Modes CONFIGURATION
Command History
Version     Description
9.7(0.0)    Introduced on the S6000-ON.
9.5(0.0)    Introduced on the Z9000, S6000, S4820T, S4810, and MXL.