Configuring user privilege and command levels, Configuring a user privilege level – H3C Technologies H3C SecPath F1000-E User Manual

109

Configuring user privilege and command levels

To avoid unauthorized access, the device defines the user privilege levels and command levels in

Table

24

. User privilege levels correspond to command levels. A user who has been logged in with a specific

privilege level can use only the commands at that level or lower levels.
All commands are categorized into four levels: visit, monitor, system, and manage, and are identified

from low to high, respectively by 0 through 3.

Table 24 Command levels and user privilege levels

Level Privilege Default set of commands

0 Visit

Includes commands for network diagnosis and commands for accessing an external
device. Configuration of commands at this level cannot survive a device restart. Upon

device restart, the commands at this level are restored to the default settings.
Commands at this level include ping, tracert, telnet and ssh2.

1 Monitor

Includes commands for system maintenance and service fault diagnosis. Commands at
this level are not saved after being configured. After the device is restarted, the commands
at this level are restored to the default settings.
Commands at this level include debugging, terminal, refresh, and send.

2 System

Includes service configuration commands, including routing configuration commands and
commands for configuring services at different network levels.
By default, commands at this level include all configuration commands except for those at
manage level.

3 Manage

Includes commands that influence the basic operation of the system and commands for
configuring system support modules.
By default, commands at this level involve the configuration commands of file system, FTP,
TFTP, Xmodem download, user management, level setting, and parameter settings within

a system (which are not defined by any protocols or RFCs).

Configuring a user privilege level

If the authentication mode on a user interface is scheme, configure a user privilege level for users who

access the interface by using the AAA module or directly on the user interface. For SSH users who use
public-key authentication, the user privilege level configured directly on the user interface always takes

effect. For other users, the user privilege level configured in the AAA module has priority over the one

configured directly on the user interface.
If the authentication mode on a user interface is none or password, configure the user privilege level
directly on the user interface.
For more information about user login authentication, see "Logging in to the CLI." For more information

about AAA and SSH, see System Management and Maintenance Configuration Guide.

Configuring a user privilege level for users by using the AAA module

Step Command

Remarks

1.

Enter system view.

system-view

N/A