62
Syntax
role name
role-name
undo role name
role-name
Default
The system has the following predefined user roles: network-admin, network-operator, mdc-admin,
mdc-operator, and level-
n (where n
represents an integer in the range of 0 to 15).
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
name
role-name
: Specifies a username. The
role-name
argument is a case-sensitive string of 1 to
63 characters.
Usage guidelines
You can create a maximum of 64 user roles in addition to the predefined user roles.
To change the permissions assigned to a user role, you must first enter the user role view.
You cannot delete the predefined user roles or change the permissions assigned to network-admin,
network-operator, mdc-admin, mdc-operator, or level-15.
Level-0 to level-14 users can modify their own permissions for all commands except for the
display
history-command all
command.
Examples
# Create a user role named
role1
and enter user role view.
<Sysname> system-view
[Sysname] role name role1
[Sysname-role-role1]
Related commands
display role
interface policy deny
rule
vlan policy deny
vpn-instance policy deny
role default-role enable
Use
role default-role enable
to enable the default user role feature for remote AAA users.
Use
undo role default-role enable
to restore the default.
Syntax
role default-role enable
[
role-name
]
undo role default-role enable
