Before you begin
If you want to distribute the user role configuration, enable user role configuration distribution on all Cisco
NX-OS devices to which you want the configuration distributed.
SUMMARY STEPS
1. configure terminal
2. role name role-name
3. rule number {deny | permit} command command-string
4. rule number {deny | permit} {read | read-write}
5. rule number {deny | permit} {read | read-write} feature feature-name
6. rule number {deny | permit} {read | read-write} feature-group group-name
7. rule number {deny | permit} {read | read-write} oid snmp_oid_name
8. (Optional) description text
9. exit
10. (Optional) show role
11. (Optional) show role {pending | pending-diff}
12. (Optional) role commit
13. (Optional) copy running-config startup-config
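The following Python linter is an added example, not part of the Cisco guide. It checks a candidate role configuration against the rule syntax in the summary steps and the 16-character role-name limit given in step 2, and flags any permit read-write rule that applies to all operations. The name lint_roles, the sample input, and the placeholder feature name example-feature are assumptions.

```python
import re

# Rule grammar from the summary steps; all names here are example assumptions.
RULE_RE = re.compile(
    r"rule\s+(?P<num>\d+)\s+(?P<action>deny|permit)\s+"
    r"(?:command\s+(?P<command>\S.*)"
    r"|(?P<access>read-write|read)"
    r"(?:\s+(?P<scope>feature|feature-group|oid)\s+(?P<target>\S+))?)"
)
ROLE_RE = re.compile(r"role\s+name\s+(?P<name>\S+)")

# Constructed sample input; "example-feature" is a placeholder feature name.
SAMPLE = """\
role name UserA
  rule 1 deny command clear users
  rule 2 deny read-write
  rule 3 permit read feature example-feature
  exit
rule 4 permit read
role name ThisRoleNameIsTooLong
  rule 1 permit read feature
  rule 2 permit read-write
"""

def lint_roles(config_text):
    """Return (line_number, message) findings for role blocks in config_text."""
    findings, in_role = [], False
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        role, rule = ROLE_RE.fullmatch(line), RULE_RE.fullmatch(line)
        if role:
            in_role = True
            if len(role["name"]) > 16:
                findings.append((no, "role name longer than 16 characters"))
        elif line.startswith("rule"):
            if not in_role:
                findings.append((no, "rule outside role configuration mode"))
            elif not rule:
                findings.append((no, "rule does not match the documented syntax"))
            elif (rule["action"], rule["access"], rule["scope"]) == ("permit", "read-write", None):
                findings.append((no, "permit read-write applies to all operations"))
        elif line and not line.startswith("description"):
            in_role = False  # simplification: any other command ends the block
    return findings

if __name__ == "__main__":
    for no, message in lint_roles(SAMPLE):
        print(f"line {no}: {message}")
```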
DETAILED STEPS
Step 1
Command or Action: configure terminal
Purpose: Enters global configuration mode.
Example:
switch# configure terminal
switch(config)#

Step 2
Command or Action: role name role-name
Purpose: Specifies a user role and enters role configuration mode. The role-name argument is a case-sensitive, alphanumeric character string with a maximum length of 16 characters.
Example:
switch(config)# role name UserA
switch(config-role)#

Step 3
Command or Action: rule number {deny | permit} command command-string
Purpose: Configures a command rule. The command-string argument can contain spaces and regular expressions. For example, interface ethernet includes all Ethernet interfaces. Repeat this command for as many rules as needed.
Example:
switch(config-role)# rule 1 deny command clear users

Step 4
Command or Action: rule number {deny | permit} {read | read-write}
Purpose: Configures a read-only or read-and-write rule for all operations.
Example:
switch(config-role)# rule 2 deny read-write

Step 5
Command or Action: rule number {deny | permit} {read | read-write} feature feature-name
Purpose: Configures a read-only or read-and-write rule for a feature. Use the show role feature command to display a list of features.
Example:
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
Configuring User Accounts and RBAC
Creating User Roles and Rules