Configuring user privilege and command levels, Configuring a user privilege level – H3C Technologies H3C SecPath F1000-E User Manual
Page 117

109
Configuring user privilege and command levels
To avoid unauthorized access, the device defines the user privilege levels and command levels in
. User privilege levels correspond to command levels. A user who has been logged in with a specific
privilege level can use only the commands at that level or lower levels.
All commands are categorized into four levels: visit, monitor, system, and manage, and are identified
from low to high, respectively by 0 through 3.
Table 24 Command levels and user privilege levels
Level Privilege Default set of commands
0 Visit
Includes commands for network diagnosis and commands for accessing an external
device. Configuration of commands at this level cannot survive a device restart. Upon
device restart, the commands at this level are restored to the default settings.
Commands at this level include ping, tracert, telnet and ssh2.
1 Monitor
Includes commands for system maintenance and service fault diagnosis. Commands at
this level are not saved after being configured. After the device is restarted, the commands
at this level are restored to the default settings.
Commands at this level include debugging, terminal, refresh, and send.
2 System
Includes service configuration commands, including routing configuration commands and
commands for configuring services at different network levels.
By default, commands at this level include all configuration commands except for those at
manage level.
3 Manage
Includes commands that influence the basic operation of the system and commands for
configuring system support modules.
By default, commands at this level involve the configuration commands of file system, FTP,
TFTP, Xmodem download, user management, level setting, and parameter settings within
a system (which are not defined by any protocols or RFCs).
Configuring a user privilege level
If the authentication mode on a user interface is scheme, configure a user privilege level for users who
access the interface by using the AAA module or directly on the user interface. For SSH users who use
public-key authentication, the user privilege level configured directly on the user interface always takes
effect. For other users, the user privilege level configured in the AAA module has priority over the one
configured directly on the user interface.
If the authentication mode on a user interface is none or password, configure the user privilege level
directly on the user interface.
For more information about user login authentication, see "Logging in to the CLI." For more information
about AAA and SSH, see System Management and Maintenance Configuration Guide.
Configuring a user privilege level for users by using the AAA module
Step Command
Remarks
1.
Enter system view.
system-view
N/A
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS