DELL 9.8(0.0) User Manual

Usage 
Information

By default, access to commands are determined by the user’s role (if defined) or by 
the user’s privilege level. If the aaa authorization role-only command is 
enabled, then only the user’s role is used.

Before you enable role-based only AAA authorization:

1.

Locally define a system administrator user role.This will give you access to 
login with full permissions even if network connectivity to remote 
authentication servers is not available.

2.

Configure login authentication on the console. This ensures that all users are 
properly identified through authentication no matter the access point

3.

Specify an authentication method (RADIUS, TACACS+, or Local). 

4.

Specify authorization method (RADIUS, TACACS+  or Local).                   

5.

Verify the configuration has been applied to the console or VTY line. 

Related 
Commands

login authentication, password, radius-server host, tacacs-server host

role 

Changes command permissions for roles.

Syntax

role mode { { { addrole | deleterole } role-name } | reset } command
To delete access to a command, use the no role mode role-name 

Parameters

Enter one of the following keywords as the mode for which 
you are controlling access:

configure for CONFIGURATION mode

exec for EXEC mode

interface for INTERFACE modes

line for LINE mode

route-map for Route-map mode

router for Router mode

addrole

Enter the keyword addrole to add permission to the 
command. You cannot add or delete rights for the sysadmin 
role.

deleterole

Enter the keyword deleterole to remove access to the 
command. You cannot add or delete rights for the sysadmin 
role.

Security

1669