No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Basic Configuration

S9300, S9300E, and S9300X V200R011C10

This document describes methods to use command line interface and to log in to the device, file operations, and system startup configurations.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Setting Command Levels

Setting Command Levels

Context

Each command on the device has a default level. The device administrator can change the command level as required so that users of different levels can execute commands correspondingly.

The system grants users different access permissions based on their roles. User levels are classified into sixteen levels, which correspond to the command levels. Users can use only the commands at the same or lower level than their own levels. By default, there are four command levels 0 to 3 and sixteen user levels 0 to 15. Table 1-5 describes the relationship between command levels and user levels.

Table 1-5  Relations between command levels and user levels

Command Level

Description

Example User Level

Visit level (level-0)

Diagnostic commands

  • tracert
  • ping
All levels (level-0 to level-15)
External device access commands
  • telnet
  • stelnet

Monitoring level (level-1)

System maintenance commands

display commands
NOTE:

Some display commands are not at this level. For example, the display current-configuration and display saved-configuration commands are level-3 commands.

Not lower than the monitoring level (level-1 to level-15)

Configuration level (level-2)

Service configuration commands

Route configuration commands Not lower than the configuration level (level-2 to level-15)

Management level (level-3)

Basic system operation commands
  • User management
  • Setting command levels
  • Setting system parameters
  • debugging commands
Management level (level-3 to level-15)
Support module commands
  • File system
  • FTP/TFTP downloading
  • Configuration file switching

For details about command levels, see S9300, S9300E, and S9300X V200R011C10 Command Reference.

The default command level setting is appropriate for user operation rights control; therefore, you are advised not to change command levels. If there are special requirements on user operation rights of a specific-level users, you can change the command level of specified commands. For example, if only level-4 and a higher level users are allowed to execute the stelnet command, you can upgrade the command level of the stelnet command to level-4.

In addition to upgrade a command level, you can also lower a command level.

NOTE:

Do not change the default level of a command. Otherwise, some users may be unable to use the command. If command levels are changed separately before you upgrade command levels in a batch, the levels of these commands remain unchanged. Therefore, you are advised to upgrade command levels in a batch before you upgrade the level of each command separately.

The execution of some commands depends on some conditions. For example, a command can be configured only when other commands are configured or the command is an upgrade-compatible command. When levels of these commands are adjusted using the command-privilege level command, the adjusted commands may not be executed. Level adjustment of a command is irrelevant to execution of the command.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Set the command level.

    • Run command-privilege level level view view-name command-key

      The command level is set in the specified view.

    • Run command-privilege level rearrange

      The command levels are upgraded in batches.

      • If command levels are not changed separately, the levels change according to the following rules after a batch command level upgrade command is executed:

        • The visit level and monitoring level remain unchanged.

        • The configuration level is upgraded to level 10, and the management level is upgraded to level 15.

        • There are no commands at levels 2 to 9 and levels 11 to 14. You can set commands to any of these levels separately to implement refined user rights management.

      • If you have run the command-privilege level level view view-name command-key command to change a command level before you execute the batch command level upgrade command, the level of this command remains unchanged.

      Before you run the batch command level upgrade command, ensure that your user level is 15. Otherwise, you cannot run the command.

Translation
Download
Updated: 2019-04-17

Document ID: EDOC1000178413

Views: 68513

Downloads: 109

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next