Dell MX5108n OS10 Enterprise Edition User Guide for PowerEdge MX IO Modules Re - Page 474
Role-based access control, Assign user role
Page 474 highlights
- min-length number - Enter the minimum number of required alphanumeric characters (6 to 32; default 9).
- character-restriction - Enter a requirement for the alphanumeric characters in a password:
  ◦ upper number - Minimum number of uppercase characters required (0 to 31; default 0).
  ◦ lower number - Minimum number of lowercase characters required (0 to 31; default 0).
  ◦ numeric number - Minimum number of numeric characters required (0 to 31; default 0).
  ◦ special-char number - Minimum number of special characters required (0 to 31; default 0).

Create password rules

    OS10(config)# password-attributes min-length 7 character-restriction upper 4 numeric 2

Display password rules

    OS10(config)# do show running-configuration password-attributes
    password-attributes min-length 7 character-restriction upper 4 numeric 2

Role-based access control

RBAC provides control for access and authorization. Users are granted permissions based on defined roles, not on their individual system user ID. Create user roles based on job functions to help users perform their associated job function. You can assign each user only a single role, and many users can have the same role. When you enter a user role, you are authenticated and authorized. You do not need to enter an enable password because you are automatically placed in EXEC mode.

OS10 supports the constrained RBAC model. With this model, you can inherit permissions when you create a new user role, restrict or add commands a user can enter, and set the actions the user can perform. This allows greater flexibility when assigning permissions for each command to each role. Using RBAC makes administering user rights easier and more efficient. If a user's role matches one of the allowed user roles for a command, command authorization is granted.

A constrained RBAC model provides separation of duty as well as greater security. A constrained model places some limitations on each role's permissions to allow you to partition tasks. Some inheritance is possible. For greater security, only some user roles can view events, audits, and security system logs.

Assign user role

To limit OS10 system access, assign a role when you configure each user.

• Enter a user name, password, and role in CONFIGURATION mode.

    username username password password role role

- username username - Enter a text string (up to 32 alphanumeric characters; 1 character minimum).
- password password - Enter a text string (up to 32 alphanumeric characters; 9 characters minimum).
- role role - Enter a user role:
  ◦ sysadmin - Full access to all commands in the system, exclusive access to commands that manipulate the file system, and access to the system shell. A system administrator can create user IDs and user roles.
  ◦ secadmin - Full access to configuration commands that set security policy and system access, such as password strength, AAA authorization, and cryptographic keys. A security administrator can display security information, such as cryptographic keys, login statistics, and log information.
  ◦ netadmin - Full access to configuration commands that manage traffic flowing through the switch, such as routes, interfaces, and ACLs. A network administrator cannot access configuration commands for security features or view security information.
  ◦ netoperator - Access to EXEC mode to view the current configuration. A network operator cannot modify any configuration setting on a switch.
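
The password rules and the username command described above can be checked offline before a change is pushed to a switch. The following Python sketch is an added example, not part of the Dell guide or of OS10: it parses a password-attributes line using the ranges and defaults listed on this page, then reports which documented constraints a proposed username command would violate. The function names are hypothetical, and it assumes that the configured min-length governs the minimum password length and that a "special" character is any non-alphanumeric character.

```python
import re

# (low, high, default) for each keyword, as documented on this page.
LIMITS = {"min-length": (6, 32, 9), "upper": (0, 31, 0), "lower": (0, 31, 0),
          "numeric": (0, 31, 0), "special-char": (0, 31, 0)}
ROLES = {"sysadmin", "secadmin", "netadmin", "netoperator"}

def parse_policy(line):
    """Parse a password-attributes line into {keyword: int}; unset keywords get defaults."""
    tokens = line.split()
    if not tokens or tokens[0] != "password-attributes":
        raise ValueError("not a password-attributes line")
    policy = {key: default for key, (_, _, default) in LIMITS.items()}
    rest = [t for t in tokens[1:] if t != "character-restriction"]  # separator only
    if len(rest) % 2:
        raise ValueError("keyword without a value")
    for key, value in zip(rest[::2], rest[1::2]):
        if key not in LIMITS or not value.isdecimal():
            raise ValueError(f"bad token pair: {key} {value}")
        if not LIMITS[key][0] <= int(value) <= LIMITS[key][1]:
            raise ValueError(f"{key} {value} is outside the documented range")
        policy[key] = int(value)
    return policy

def check_user(command, policy):
    """Return a list of violations for a 'username N password P role R' command."""
    m = re.fullmatch(r"username (\S+) password (\S+) role (\S+)", command.strip())
    if not m:
        return ["expected: username <name> password <password> role <role>"]
    name, password, role = m.groups()
    counts = {
        "upper": sum(c.isupper() for c in password),
        "lower": sum(c.islower() for c in password),
        "numeric": sum(c.isdigit() for c in password),
        "special-char": sum(not c.isalnum() for c in password),  # assumption
    }
    problems = []
    if len(name) > 32:
        problems.append("username longer than 32 characters")
    if not policy["min-length"] <= len(password) <= 32:
        problems.append(f"password length must be {policy['min-length']}..32")
    problems += [f"needs at least {policy[k]} {k} characters"
                 for k, n in counts.items() if n < policy[k]]
    if role not in ROLES:
        problems.append(f"unknown role: {role}")
    return problems

if __name__ == "__main__":  # policy line from the page; user command is constructed
    rules = parse_policy("password-attributes min-length 7 character-restriction upper 4 numeric 2")
    print(check_user("username op1 password abcdefg1 role operator", rules))
```

An empty list means the proposed command satisfies every constraint this page documents; it says nothing about checks the switch may apply beyond those.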