Dell 9.7(0.0) Plumbing Product User Manual


  Open as PDF
of 1039
 
The following example removes the secadmin access to LINE mode and then verifies that the security
administrator can no longer access LINE mode, using the show role mode configure line
command in EXEC Privilege mode.
Dell(conf)#role configure deleterole secadmin ?
LINE Initial keywords of the command to modify
Dell(conf)#role configure deleterole secadmin line
Dell(conf)#do show role mode ?
configure Global configuration mode
exec Exec Mode
interface Interface configuration mode
line Line Configuration mode
route-map Route map configuration mode
router Router configuration mode
Dell(conf)#do show role mode configure line
Role access:sysadmin
Example: Grant and Remove Security Administrator Access to Configure Protocols
By default, the system defined role, secadmin, is not allowed to configure protocols. The following
example first grants the
secadmin role to configure protocols and then removes access to configure
protocols.
Dell(conf)#role configure addrole secadmin protocol
Dell(conf)#role configure deleterole secadmin protocol
Example: Resets Only the Security Administrator role to its original setting.
The following example resets only the secadmin role to its original setting.
Dell(conf)#no role configure addrole secadmin protocol
Example: Reset System-Defined Roles and Roles that Inherit Permissions
In the following example the command protocol permissions are reset to their original setting or one or
more of the system-defined roles and any roles that inherited permissions from them.
Dell(conf)#role configure reset protocol
Adding and Deleting Users from a Role
To create a user name that is authenticated based on a user role, use the username name password
encryption-type password role role-name command in CONFIGURATION mode.
Example
The following example creates a user name that is authenticated based on a user role.
Dell (conf) #username john password 0 password role secadmin
The following example deletes a user role.
NOTE: If you already have a user ID that exists with a privilege level, you can add the user role to
username that has a privilege
Dell (conf) #no username john
Security
783