Skip to main content

User Policies

User policies connect who (a user or group) to what they can do (a command set + shell privilege) on which devices. This is where RBAC actually gets applied.

Create a policy

  1. Go to Device Admin (TACACS+) → User PoliciesNew.
  2. Define the match:
    • Group (or user) — from your shared Identity directory.
    • Device group — which network devices this applies to (leave (all) for everywhere).
    • Priority — lower is evaluated first.
  3. Set what they get:
    • Command set — the Command Set that governs their commands.
    • Shell privilege — the level they land on (overrides the default from Settings).
  4. Save.

How it's evaluated

When an admin logs into a device, DashX finds the first matching policy by priority, grants the shell privilege, and enforces the assigned command set on every command (if RBAC is on).

tip

Model it as roles: NOC → read‑only set, priv 1 and Net Eng → full set, priv 15, both scoped to the right device groups. Keep a low‑priority catch‑all so no one is left without a policy.