Assign and View EFA Roles

You can assign a role to a user and to an LDAP group.

About this task

For more information about EFA roles, see EFA RBAC Policy Enforcement.

Procedure

To assign a role to a user, run the following command.
```
# efa auth rolemapping add --name fabricuser --role FabricAdmin --type user
Successfully added the role mapping
```
In this example, a user named fabricuser was assigned the role of FabricAdmin.
To assign a role to an LDAP group, run the following command.
```
# efa auth rolemapping add --name "cn=viewer,dc=extr,dc=com" --role NetworkOperator 
--type group
Successfully added the role mapping.
```
In this example, a group named "cn=viewer,dc=extr,dc=com" was assigned the role of NetworkOperator.

To view all role assignments, run the following command.

# efa auth rolemapping show
ID  Name	 Role	      Type
1   efauser    SystemAdmin      USER
2   fabricuser FabricAdmin      USER
3   viewer     NetworkOperator  GROUP

To delete a role assignment, run the following command.
```
# efa auth rolemapping remove --id 3
Deleted role mapping successfully
```
In this example, the role for the user with ID 3 was removed.

Switching

Routing

Wireless

Management & Automation

Analytics & Visibility

Security & Access Control

Remote

Cloud

Security

Machine Learning

Campus Fabric

Data Center Fabric

Internet of Things

Wi-Fi 6

Primary & Secondary Education (K-12)

Retail

Service Providers

Federal Government

Manufacturing

Higher Education

Healthcare

Hospitality

State & Local Government

Sports & Public Venues

Support Portal

Knowledge Base

Documentation

End of Sale

Policies & Warranties

Training & Courses

Maintenance Services

Premier Services

Professional Services

Managed Services

Assign and View EFA Roles

About this task

Procedure