Filter
Top Products
Defaults none
Command
Modes
CONFIGURATION
Command
History
Version Description
9.5(0.1) Introduced on the Z9500.
9.5(0.0) Introduced on the Z9000, S6000, S4820T, S4810, MXL.
Usage
Information
Instead of using the system defined user roles, you can create a new user role that
best matches your organization. When you create a new user role, you first inherit
permissions from one of the system defined roles. Otherwise you would have to
create a user role from scratch. You then restrict commands or add commands to
that role. For information about this topic, See Modifying Command Permissions
for Roles.
NOTE: You can change user role permissions on system pre-defined user
roles or user-defined user roles.
Important Points to Remember
Consider the following when creating a user role:
• Only the system administrator and user-defined roles inherited from the system
administrator can create roles and usernames. Only the system administrator,
security administrator, and roles inherited from these can use the role
command to modify command permissions. The security administrator and
roles inherited by security administrator can only modify permissions for
commands they already have access to.
• Make sure you select the correct role you want to inherit.
NOTE: If you inherit a user role, you cannot modify or delete the inheritance. If
you want to change or remove the inheritance, delete the user role and create
it again. If the user role is in use, you cannot delete the user role.
role mode { { { addrole | deleterole } role-name } | reset } command – Modifies
(adds or deletes) command permissions for newly created user roles and system
defined roles.
AAA Accounting Commands
AAA Accounting enables tracking of services that users are accessing and the amount of network
resources being consumed by those services. When you enable AAA Accounting, the network server
reports user activity to the TACACS+ security server in the form of accounting records. Each accounting
record is comprised of accounting AV pairs and is stored on the access control server.
Security
1597