role user

Function

The role user command associates a role with a user.

The undo role user command cancels the association between a role and a user.

Format

role role-name user user-name

undo role role-name user user-name

Parameters

Parameter	Description	Value
role-name	Specifies the role name.	The value must be an existing role name.
user-name	Specifies the user name.	The value must be an existing user name. When a user in a non-default authentication domain is specified, the user name must carry "@authentication-domain-name." For example, user1@test indicates user1 in the test authentication domain.

Parameter

Description

Value

role-name

Specifies the role name.

The value must be an existing role name.

user-name

Specifies the user name.

The value must be an existing user name.

When a user in a non-default authentication domain is specified, the user name must carry "@authentication-domain-name." For example, user1@test indicates user1 in the test authentication domain.

Views

Role view

Default Level

2: Configuration level

Usage Guidelines

When a role is associated with a user, the user can access the resources within the role authority and is restricted by the host check policies configured for the role.

A user cannot belong to both a default role and a customized role, but can belong to multiple customized roles. A user must belong to a certain role, and a role can contain multiple groups.

A customized role can be associated with a maximum of 256 users and user groups. The default role has no restrictions.

Example

# Associate role role1 with user user1.

<sysname> system-view
[sysname] v-gateway abc
[sysname-abc] role
[sysname-abc-role] role role1 user user1