Assign and View XCO Roles

You can assign a role to a user and to an LDAP group. For more information about XCO roles, see XCO RBAC Policy Enforcement.
  1. To assign a role to a user, run the following command:
    # efa auth rolemapping add --name=user2 --role SystemAdmin --auth-type HOST
    Successfully added the role mapping
    In this example, a user named user2 was assigned the role of SystemAdmin.
  2. To assign a role to an LDAP group, run the following command:
    # efa auth rolemapping add --name "cn=viewer,dc=extr,dc=com" --role NetworkOperator --type group \
        --auth-type LDAP --auth-identifier ldapconfig
    Successfully added the role mapping.
    In this example, a group named "cn=viewer,dc=extr,dc=com" was assigned the role of NetworkOperator.
  3. To view all role assignments, run the following command:
    # efa auth rolemapping show 
    +----+--------------------------+-----------------+-------+-----------+-----------------+
    | ID | Name                     | Role            | Type  | Auth Type | Auth Identifier |
    +----+--------------------------+-----------------+-------+-----------+-----------------+
    | 1  | efauser                  | SystemAdmin     | USER  | HOST      |                 |
    +----+--------------------------+-----------------+-------+-----------+-----------------+
    | 2  | fabricuser               | FabricAdmin     | USER  | LOCAL     |                 |
    +----+--------------------------+-----------------+-------+-----------+-----------------+
    | 3  | viewer                   | NetworkOperator | GROUP | TACACS    | 10.x.x.x        |
    +----+--------------------------+-----------------+-------+-----------+-----------------+
    | 5  | cn=viewer,dc=extr,dc=com | NetworkOperator | GROUP | LDAP      | ldapconfig      |
    +----+--------------------------+-----------------+-------+-----------+-----------------+
     
  4. To delete a role assignment, run the following command:
    # efa auth rolemapping remove --id 3
    Deleted role mapping successfully
    In this example, the role mapping with ID 3 was removed. The ID is the value in the ID column of the efa auth rolemapping show output.
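
The following script is an added example, not part of the XCO documentation or the efa CLI. It parses the table printed by efa auth rolemapping show and lists the mappings that grant roles on a review list, which is useful for periodic access reviews. The helper names, the review list and the sample table are assumptions constructed from the output shown above.

```sh
#!/bin/sh
# Added example: review role mappings by role, using `efa auth rolemapping show` output.

# Constructed sample output (layout from this page), used when efa is not installed.
sample_rolemapping_output() {
cat <<'EOF'
+----+--------------------------+-----------------+-------+-----------+-----------------+
| ID | Name                     | Role            | Type  | Auth Type | Auth Identifier |
+----+--------------------------+-----------------+-------+-----------+-----------------+
| 1  | efauser                  | SystemAdmin     | USER  | HOST      |                 |
+----+--------------------------+-----------------+-------+-----------+-----------------+
| 2  | fabricuser               | FabricAdmin     | USER  | LOCAL     |                 |
+----+--------------------------+-----------------+-------+-----------+-----------------+
| 3  | viewer                   | NetworkOperator | GROUP | TACACS    | 10.x.x.x        |
+----+--------------------------+-----------------+-------+-----------+-----------------+
| 5  | cn=viewer,dc=extr,dc=com | NetworkOperator | GROUP | LDAP      | ldapconfig      |
+----+--------------------------+-----------------+-------+-----------+-----------------+
EOF
}

# Read the table on stdin; print one tab-separated record per mapping:
# ID, Name, Role, Type, Auth Type, Auth Identifier.
parse_rolemappings() {
  awk -F'|' '
    /^[ \t]*[+]/ { next }                      # border line
    NF < 7       { next }                      # not a table row
    {
      for (i = 2; i <= 7; i++) gsub(/^[ \t]+|[ \t]+$/, "", $i)
      if ($2 == "ID") next                     # header row
      printf "%s\t%s\t%s\t%s\t%s\t%s\n", $2, $3, $4, $5, $6, $7
    }'
}

# flag_mappings ROLES: print the mappings whose role is in the comma-separated
# ROLES list (hypothetical helper; which roles to review is the caller's choice).
flag_mappings() {
  parse_rolemappings | awk -F'\t' -v roles="$1" '
    BEGIN { n = split(roles, r, ","); for (i = 1; i <= n; i++) want[r[i]] = 1 }
    ($3 in want) {
      printf "id=%s name=%s role=%s type=%s auth=%s/%s\n", $1, $2, $3, $4, $5, ($6 == "" ? "-" : $6)
    }'
}

# Live output when the CLI is present, otherwise the constructed sample.
if command -v efa >/dev/null 2>&1; then
  efa auth rolemapping show | flag_mappings "SystemAdmin,FabricAdmin"
else
  sample_rolemapping_output | flag_mappings "SystemAdmin,FabricAdmin"
fi
```

The id value in each output line is the one to pass to efa auth rolemapping remove --id when a mapping is no longer needed.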