49Field Description• deny—Denies access to any VPN except permitted VPNs.• permit (default)—Default VPN instance policy, which enablesthe user role to access any VPN instance.Permitted VPN instances VPNs accessible to the user role.RuleUser role rule number.A user role rule specifies access permissions for items, includingcommands, feature-specific commands, XML elements, and MIBnodes.Predefined user role rules are identified by sys-n, where n representsan integer.PermAccess control type:• permit—User role has access to the specified items.• deny—User role does not have access to the specified items.TypeControlled type:• R—Read-only.• W—Write.• X—Execute.ScopeRule control scope:• command—Controls access to the command or commands, asspecified in the Entity field.• feature—Controls access to the commands of the feature, asspecified in the Entity field.• feature-group—Controls access to the commands of thefeatures in the feature group, as specified in the Entity field.• xml-element—Controls access to XML elements.• oid—Controls access to MIB nodes.EntityCommand string, feature name, feature group, XML element, or OIDspecified in the user role rule:• An en dash (–) represents any feature.• An asterisk (*) represents zero or more characters.Related commandsroledisplay role featureUse display role feature to display features available in the system.Syntaxdisplay role feature [ name feature-name | verbose ]ViewsAny viewPredefined user rolesnetwork-adminnetwork-operator