Switching the user privilege level – H3C Technologies H3C SecBlade NetStream Cards User Manual

need to re-log in, but the commands that they can execute have changed. For example, if the current user
privilege level is 3, the user can configure system parameters. After switching to user privilege level 0, the
user can only execute simple commands, like ping and tracert, and only a few display commands. The
switching operation is effective for the current login only. After the user logs in again, the user privilege
level is restored to the original level.
• To avoid problems, H3C recommends that administrators log in to the device by using a lower
  privilege level and view device operating parameters, and when they have to maintain the device,
  they can switch to a higher level temporarily.
• If the administrators need to leave for a while or ask someone else to manage the device
  temporarily, they can switch to a lower privilege level before they leave to restrict the operation by
  others.
Setting the authentication mode for user privilege level switch
• A user can switch to a privilege level equal to or lower than the current one unconditionally and is
  not required to input a password (if any).
• For security, a user is required to input the password (if any) to switch to a higher privilege level.
Follow these steps to set the authentication mode for user privilege level switch:
| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | — |
| Set the authentication mode for user privilege level switch | super authentication-mode { local \| scheme } * | Optional. local by default. |
| Configure the password for user privilege level switch | super password [ level user-level ] { simple \| cipher } password | Required if the authentication mode is set to local (specify the local keyword when setting the authentication mode). By default, no privilege level switch password is configured. |
CAUTION:
• If no user privilege level is specified when you configure the password for switching the user privilege
  level with the super password command, the user privilege level defaults to 3.
• If you specify the simple keyword, the password is saved in the configuration file in plain text, where it
  can easily be stolen. If you specify the cipher keyword, the password is saved in the configuration file in
  cipher text, which is safer.
• If the user logs in from the console user interface (the console port), the privilege level can be switched
  to a higher level even though the authentication mode is local and no user privilege level password is
  configured.
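An added example, not taken from the H3C manual: a short Python check that scans a saved configuration for the super settings described above and flags switch passwords stored with the simple keyword. It assumes the saved configuration records the commands in the syntax shown in the table; the sample configuration and the name audit_super_config are constructed for illustration.

```python
import re

# Constructed sample of a saved configuration; not taken from a real device.
SAMPLE_CONFIG = """\
sysname demo-card
super authentication-mode local
super password level 2 simple CONSTRUCTED-PLAINTEXT
super password cipher CONSTRUCTED-CIPHERTEXT
"""

# Assumption: saved lines follow the command syntax given in the table above.
PASSWORD_RE = re.compile(
    r"^\s*super\s+password(?:\s+level\s+(\d+))?\s+(simple|cipher)\s+\S+\s*$")
MODE_RE = re.compile(
    r"^\s*super\s+authentication-mode\s+((?:local|scheme)(?:\s+(?:local|scheme))?)\s*$")


def audit_super_config(config_text):
    """Return (findings, passwords) for the privilege-switch settings."""
    modes = ["local"]   # the manual states that local is the default mode
    passwords = {}      # privilege level -> "simple" or "cipher"
    for line in config_text.splitlines():
        m = MODE_RE.match(line)
        if m:
            modes = m.group(1).split()
            continue
        m = PASSWORD_RE.match(line)
        if m:
            # The manual states that the level defaults to 3 when omitted.
            level = int(m.group(1)) if m.group(1) else 3
            passwords[level] = m.group(2)
    findings = []
    for level, storage in sorted(passwords.items()):
        if storage == "simple":
            # Report the level only; never echo the password itself.
            findings.append(
                f"level {level}: switch password stored in plain text (simple)")
    if "local" in modes and not passwords:
        findings.append(
            "local mode, no switch password: console logins can still switch up")
    return findings, passwords


if __name__ == "__main__":
    for finding in audit_super_config(SAMPLE_CONFIG)[0]:
        print(finding)
```
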
Switching the user privilege level
Follow these steps to switch the user privilege level:
| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Switch the user privilege level | super [ level ] | Required. When logging in to the device, a user has a user privilege level, which depends on user interface or authentication user level. Available in user view. |