Chapter 6: Using the Web Interface168If the Restricted Service Agreement feature is enabled, the RestrictedService Agreement is displayed when any user logs in to the EMX. Doeither of the following, or you cannot successfully log in to the EMX: In the web interface, select the checkbox labeled "I understand andaccept the Restricted Service Agreement."Tip: To select the agreement checkbox using the keyboard, pressthe Space bar. In the CLI, type y when the confirmation message "I understand andaccept the Restricted Service Agreement" is displayed.Setting Up Role-Based Access Control RulesRole-based access control rules are similar to firewall rules, except theyare applied to members sharing a specific role. This enables you to grantsystem permissions to a specific role, based on their IP addresses.To set up role-based access control rules:1. Enable the feature. See Enabling the Feature (on page 168).2. Set the default policy. See Changing the Default Policy (on page169).3. Create rules specifying which addresses to accept and which ones todiscard when the addresses are associated with a specific role. SeeCreating Role-Based Access Control Rules (on page 169).Changes made do not affect users currently logged in until the next login.Enabling the FeatureYou must enable this access control feature before any relevant rule cantake effect.To enable role-based access control rules:1. Choose Device Settings > Security > Role Based Access Control.The Configure Role Based Access Control Settings dialog appears.2. To enable the IPv4 firewall, click the IPv4 tab, and select the "EnableRole Based Access Control for IPv4" checkbox.3. To enable the IPv6 firewall, click the IPv6 tab, and select the "EnableRole Based Access Control for IPv6" checkbox.4. Click OK.