CLI user roles

A CLI user role is an access control mechanism that

determines the level of command access a user has on managed devices,
controls whether users can execute configuration or non-configuration commands, and
provides security by restricting unauthorized access to critical system functions.

Role types and permissions

On managed devices, user access to commands in the CLI depends on the role you assign.

None: The user cannot log into the device on the command line.
Config: The user can access all commands, including configuration commands. Exercise caution in assigning this level of access to users.
Basic: The user can access non-configuration commands only. Allowed commands are dig, ping, and traceroute. Only internal users and Firewall Threat Defense external RADIUS users support the Basic role.