User Policies
User policies connect who (a user or group) to what they can do (a command set + shell privilege) on which devices. This is where RBAC actually gets applied.
Create a policy
- Go to Device Admin (TACACS+) → User Policies → New.
- Define the match:
- Group (or user) — from your shared Identity directory.
- Device group — which network devices this applies to (leave
(all)for everywhere). - Priority — lower is evaluated first.
- Set what they get:
- Command set — the Command Set that governs their commands.
- Shell privilege — the level they land on (overrides the default from Settings).
- Save.
How it's evaluated
When an admin logs into a device, DashX finds the first matching policy by priority, grants the shell privilege, and enforces the assigned command set on every command (if RBAC is on).
tip
Model it as roles: NOC → read‑only set, priv 1 and Net Eng → full set, priv 15, both scoped to the right device groups. Keep a low‑priority catch‑all so no one is left without a policy.