configure identity-management role add dynamic-rule

configure identity-management role role_name [add dynamic-rule rule_name { first | last | { [before | after] ref_rule_name}}]


Adds a dynamic ACL rule for the specified role and specifies the order.

Syntax Description


Specifies the name of an existing role.


Specifies the name of a dynamic ACL rule to add to the specified role.


The order of the dynamic rule is last if the order is not explicitly specified.

Usage Guidelines

The maximum number of policies or ACL rules that can be applied to a particular role is restricted to 8. This count does not include the policies and rules inherited from a parent role. Since the maximum hierarchy depth is 5, the maximum number of policies and rules supported for a role at the maximum hierarchy depth is 40 (8 x 5).

When a dynamic ACL rule is added to a role, it is immediately installed for all identities mapped to that role and roles below it in the role hierarchy.


The following example configures the role named India-Engr to use the ACL rule named india-Engr-rule:

* Switch.55 # configure identity-management role "India-Engr" add dynamic-rule india-Engr-rule


This command was first available in ExtremeXOS 12.5.

This command was modified in ExtremeXOS 15.2.1 to specify order.

Platform Availability

This command is available on ExtremeSwitching X435, X440-G2, X450-G2, X460-G2, X465, X590, X620, X670-G2, X690, X695, X870, 5320, 5420, and 5520 series switches.