Role Based Access Control Commands

nv show system aaa role

	nv show system aaa role Displays list of roles (user capabilities) and their groups.
Syntax Description	N/A
Default	N/A
History	25.02.3000
Example	`admin@nvos:~$ nv show system aaa role Role Name Class --------- -------- admin nvaction nvapply sudo monitor nvshow`
REST API	GET https://<ip>/nvue_v1/system/aaa/role
Related commands	nv show system aaa role monitor nv show system aaa role <role-id> nv set system aaa role <role-id> class <class-id>
Notes	admin—full administrative capabilities monitor—read only capabilities, can not change the running configuration

nv show system aaa role id

	nv show system aaa role <role-id> Displays configuration of a role.
Syntax Description	role-id	The name of the role (i.e., admin, monitor)
Default	N/A
History	25.02.3000
Example	`admin@nvos:~$ nv show system aaa role role1` `admin@nvos:~$ nv show system aaa role monitor operational applied ------- ----------- ------- groups adm,nvshow [class] nvshow nvshow`
REST API	GET https://<ip>/nvue_v1/system/aaa/role/{role-id}
Related commands	nv show system aaa role nv set system aaa role <role-id> class <class-id>
Notes	admin—full administrative capabilities monitor—read only capabilities, cannot change the running configuration

nv show system aaa class

	nv show system aaa class Display all Classes configuration and state.
Syntax Description	N/A
Default	N/A
History	25.02.3000
Example	`admin@nvos:~$ nv show system aaa class Class Name Command Path Permission Action ---------- ------------ ---------- ------ nvaction / act allow nvapply / rw allow nvshow / ro allow sudo / all allow`
REST API	GET https://<ip>/nvue_v1/system/aaa/class
Related Commands	nv set system aaa class <class-id> command-path <command-path-id> nv set system aaa class <class-id> action <arg>
Notes

nv show system aaa class id

	nv show system aaa class <class-id> Display configuration and state of a class.
Syntax description	class-id	The name of the class.
Default	N/A
History	25.02.3000
Example	`admin@nvos:~$ nv show sys aaa class nvshow applied -------------- ------- action allow [command-path] /`
REST API	GET https://<ip>/nvue_v1/system/aaa/class/{class-id}
Related Commands	nv set system aaa class <class-id> command-path <command-path-id> nv set system aaa class <class-id> action <arg> nv show system aaa class
Notes

nv show system aaa class id command-path

	nv show system aaa class <class-id> command-path [<command-path-id>] Display configuration and state of a class command-paths.
Syntax description	class-id	The name of the class
	command-path-id	The command path (e.g., /interface/eth0)
Default	N/A
History	25.02.3000
Example	`admin@nvos:~$ nv show sys aaa class nvshow command-path Command Path Permission ------------ ---------- / ro`
REST API	GET https://<ip>/nvue_v1/system/aaa/class/{class-id}/command-path/{command-path-id}
Related Commands	nv set system aaa class <class-id> command-path <command-path-id> nv set system aaa class <class-id> action <arg> nv show system aaa class
Notes

nv set/unset system aaa class action

	nv set system aaa class <class-id> action <arg> nv unset system aaa class <class-id> action Set the action to be taken upon getting a match on the command paths. Unset the action to be taken upon getting a match on the command paths.
Syntax Description	class-id	The name of the class
	arg	The action to be taken upon getting a match on the command paths enum: allow, deny
Default	action: allow
History	25.02.3000
Example	`admin@nvos:~$ nv set system aaa class ib_enjoyer action allow`
REST API	N/A
Related Commands
Notes

nv set/unset system aaa class command-path

	nv set system aaa class <class-id> command-path [<command-path-id>] [permission <permission>] nv unset system aaa class <class-id> command-path [<command-path-id>] [permission] Configure command paths for classes. The unset form of the command clears command paths under classes.
Syntax Description	class-id	The name of the class
	command-path-id	The command path (e.g., /interface/eth0)
	permission	The permissions on the command path enum: ro, rw, act, all
Default	permission: all
History	25.02.3000
Example	`admin@nvos:~$ nv set system aaa class class3 command-path /interface/eth0/ permission all`
REST API	PATCH https://<ip>/nvue_v1/system/aaa/class/{class-id}/command-path/{command-path-id}
Related Commands	nv set system aaa class <class-id> action <arg>
Notes

nv unset system aaa class

	nv unset system aaa class [<class-id>] Clear class configuration.
Syntax Description	class-id	The name of the class
Default	N/A
History	25.02.3000
Example	`admin@nvos:~$ nv unset system aaa class ib_enjoyer`
REST API	PATCH https://<ip>/nvue_v1/system/aaa/class/{class-id}
Related Commands	nv set system aaa class <class-id> command-path <command-path-id> nv set system aaa class <class-id> action
Notes	A class cannot be unset if it is a part of a role.

nv set/unset system aaa role class

	nv set system aaa role {<role-id> class <class-id>} nv unset system aaa role {<role-id> class [<class-id>]} Configure classes under role. The unset form of the command clears classes under role.
Syntax Description	role-id	The name of the role
	class-id	The name of the class
Default	N/A
History	25.02.3000
Example	`admin@nvos:~$ nv set system aaa role role1 class class3`
REST API	PATCH https://<ip>/nvue_v1/system/aaa/role/{role-id}/class/{class-id}
Related Commands	nv set system aaa class <class-id> action <arg> nv set system aaa class <class-id> command-path <command-path-id> nv set/unset system aaa user role
Notes

nv unset system aaa role

	nv unset system aaa role <role-id> Clear role's configuration.
Syntax Description	role-id	The name of the role
Default	N/A
History	25.02.3000
Example	`admin@nvos:~$ nv unset system aaa role role1`
REST API	PATCH https://<ip>/nvue_v1/system/aaa/role/{role-id}/
Related Commands	nv set system aaa role <role-id> class <class-id>
Notes	A role cannot be unset if it is a part of a user.

Last updated: June 01, 2026