role-switch command close exclude audit-admin

Function

The role-switch command close exclude audit-admin command disables the right- and domain-based command line control.

The undo role-switch command close exclude audit-admin command enables the right- and domain-based command line control.

Format

role-switch command close exclude audit-admin

undo role-switch command close exclude audit-admin

Parameters

None

Views

AAA view

Default Level

3: Management level

Usage Guidelines

By default, rights-and domain-based command line control is enabled.

You can run this command to disable the rights-and domain-based command line control function. Only the system administrator can run this command.

After this command is executed, a non-audit-administrator-command can be executed as long as the level of the administrator is no lower than the level of the command.

This command does not take effect for the audit administrator. The command execution permission of the audit administrator remains unchanged before and after this command is executed. That is, the command line of the audit administrator can be executed only when both of the following conditions are met:

The privilege level of the administrator is no lower than that for this command.
The role of the audit administrator has the permission on the command module (feature to which the command belongs).

Example

# Disable the rights-and domain-based command line control function.

<sysname> system-view
[sysname] aaa
[sysname-aaa] role-switch command close exclude audit-admin
 Warning: the switch of role will be closed, and security risks exist. Are you sure you want to do this[Y/N]?:y