 User Roles
User RolesThis section describes how to create a new user role and configure command permissions and contains 
the following topics.
•Creating a New User Role 
•Modifying Command Permissions for Roles 
•Adding and Deleting Users from a Role
Creating a New User Role
Instead of using the system defined user roles, you can create a new user role that best matches your 
organization. When you create a new user role, you can first inherit permissions from one of the system 
defined roles. Otherwise you would have to create a user role’s command permissions from scratch. You 
then restrict commands or add commands to that role. For more information about this topic, see 
Modifying Command Permissions for Roles.
NOTE: You can change user role permissions on system pre-defined user roles or user-defined user 
roles.
Important Points to Remember
Consider the following when creating a user role:
• Only the system administrator and user-defined roles inherited from the system administrator can 
create roles and user names. Only the system administrator, security administrator, and roles inherited 
from these can use the "role" command to modify command permissions. The security administrator 
and roles inherited by security administrator can only modify permissions for commands they already 
have access to.
• Make sure you select the correct role you want to inherit.
• If you inherit a user role, you cannot modify or delete the inheritance. If you want to change or 
remove the inheritance, delete the user role and create it again. If the user role is in use, you cannot 
delete the user role.
1. Create a new user role
CONFIGURATION mode
userrole name [inherit existing-role-name]
2. Verify that the new user role has inherited the security administrator permissions.
Dell(conf)#do show userroles
EXEC Privilege mode
3. After you create a user role, configure permissions for the new user role. See Modifying Command 
Permissions for Roles.
Example of Creating a User Role
The configuration in the following example creates a new user role, myrole, which inherits the security 
administrator (secadmin) permissions.
814 Security