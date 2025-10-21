NVIDIA NVOS User Manual for InfiniBand Switches v25.02.5030
Role Based Access Control Commands

nv show system aaa role

Displays list of roles (user capabilities) and their groups.

Syntax Description

N/A

Default

N/A

History

25.02.3000

Example
admin@nvos:~$ nv show system aaa role
Role Name  Class   
---------  --------
admin      nvaction
           nvapply 
           sudo    
monitor    nvshow

REST API

GET https://<ip>/nvue_v1/system/aaa/role

Notes

  • admin—full administrative capabilities

  • monitor—read only capabilities, can not change the running configuration

nv show system aaa role id

Displays configuration of a role.

Syntax Description

role-id

The name of the role (i.e., admin, monitor)

Default

N/A

History

25.02.3000

Example
admin@nvos:~$ nv show system aaa role role1         
admin@nvos:~$ nv show system aaa role monitor 
         operational  applied
-------  -----------  -------
groups   adm,nvshow          
[class]  nvshow       nvshow

REST API

GET https://<ip>/nvue_v1/system/aaa/role/{role-id}

Notes

admin—full administrative capabilities

monitor—read only capabilities, cannot change the running configuration

nv show system aaa class

nv show system aaa class

Display all Classes configuration and state.

Syntax Description

N/A

Default

N/A

History

25.02.3000

Example
admin@nvos:~$ nv show system aaa class    
Class Name  Command Path  Permission  Action
----------  ------------  ----------  ------
nvaction    /             act         allow
nvapply     /             rw          allow
nvshow      /             ro          allow
sudo        /             all         allow
    

REST API

GET https://<ip>/nvue_v1/system/aaa/class

Notes

nv show system aaa class id

nv show system aaa class <class-id>

Display configuration and state of a class.

Syntax description

class-id

The name of the class.

Default

N/A

History

25.02.3000

Example
admin@nvos:~$ nv show sys aaa class nvshow
                applied
--------------  -------
action          allow
[command-path]  /

REST API

GET https://<ip>/nvue_v1/system/aaa/class/{class-id}

Notes

nv show system aaa class id command-path

nv show system aaa class <class-id> command-path [<command-path-id>]

Display configuration and state of a class command-paths.

Syntax description

class-id

The name of the class

command-path-id

The command path (e.g., /interface/eth0)

Default

N/A

History

25.02.3000

Example
admin@nvos:~$ nv show sys aaa class nvshow command-path
Command Path  Permission
------------  ----------
/             ro

REST API

GET https://<ip>/nvue_v1/system/aaa/class/{class-id}/command-path/{command-path-id}

nv set/unset system aaa class action

nv set system aaa class <class-id> action <arg>

nv unset system aaa class <class-id> action

Set the action to be taken upon getting a match on the command paths.

Unset the action to be taken upon getting a match on the command paths.

Syntax Description

class-id

The name of the class

arg

The action to be taken upon getting a match on the command paths

enum: allow, deny

Default

action: allow

History

25.02.3000

Example
admin@nvos:~$ nv set system aaa class ib_enjoyer action allow

REST API

N/A

nv set/unset system aaa class command-path

nv set system aaa class <class-id> command-path [<command-path-id>] [permission <permission>]

nv unset system aaa class <class-id> command-path [<command-path-id>] [permission]

Configure command paths for classes.

The unset form of the command clears command paths under classes.

Syntax Description

class-id

The name of the class

command-path-id

The command path (e.g., /interface/eth0)

permission

The permissions on the command path

enum: ro, rw, act, all

Default

permission: all

History

25.02.3000

Example
admin@nvos:~$ nv set system aaa class class3 command-path /interface/eth0/ permission all

REST API

PATCH https://<ip>/nvue_v1/system/aaa/class/{class-id}/command-path/{command-path-id}

nv unset system aaa class

nv unset system aaa class [<class-id>]

Clear class configuration.

Syntax Description

class-id

The name of the class

Default

N/A

History

25.02.3000

Example
admin@nvos:~$ nv unset system aaa class ib_enjoyer

REST API

PATCH https://<ip>/nvue_v1/system/aaa/class/{class-id}

A class cannot be unset if it is a part of a role.

nv set/unset system aaa role class

nv set system aaa role {<role-id> class <class-id>}

nv unset system aaa role {<role-id> class [<class-id>]}

Configure classes under role.

The unset form of the command clears classes under role.

Syntax Description

role-id

The name of the role

class-id

The name of the class

Default

N/A

History

25.02.3000

Example
admin@nvos:~$ nv set system aaa role role1 class class3         

REST API

PATCH https://<ip>/nvue_v1/system/aaa/role/{role-id}/class/{class-id}

nv unset system aaa role

nv unset system aaa role <role-id>

Clear role's configuration.

Syntax Description

role-id

The name of the role

Default

N/A

History

25.02.3000

Example
admin@nvos:~$ nv unset system aaa role role1         

REST API

PATCH https://<ip>/nvue_v1/system/aaa/role/{role-id}/

A role cannot be unset if it is a part of a user.
