Setting Command Privilege Levels
Context
Each command on the device has a default privilege level. The device administrator can change a command's privilege level as required so that users at different privilege levels can execute the commands that match their level. The system grants users different access permissions based on their roles. User privilege levels are classified into sixteen levels, which correspond to the command privilege levels. Users can use only the commands whose privilege level is the same as or lower than their own. By default, there are four command privilege levels (0 to 3) and sixteen user privilege levels (0 to 15). Table 1-5 describes the relationship between command privilege levels and user privilege levels.
Command Privilege Level | Description | Example | User Privilege Level |
---|---|---|---|
Visit level (level-0) | Diagnostic commands | | All levels (level-0 to level-15) |
Visit level (level-0) | External device access commands | | All levels (level-0 to level-15) |
Monitoring level (level-1) | System maintenance commands | display commands. NOTE: Some display commands are not at this level. For example, the display current-configuration and display saved-configuration commands are level-3 commands. | Not lower than the monitoring level (level-1 to level-15) |
Configuration level (level-2) | Service configuration commands | Route configuration commands | Not lower than the configuration level (level-2 to level-15) |
Management level (level-3) | Basic system operation commands | | Management level (level-3 to level-15) |
Management level (level-3) | Support module commands | | Management level (level-3 to level-15) |
For details about command privilege levels, see S600-E V200R019C10 Command Reference.
The default command privilege level setting is appropriate for user operation rights control; therefore, you are advised not to change command privilege levels. If users at a specific level have special operation rights requirements, you can change the privilege level of specified commands. For example, if only users at level-4 or higher are allowed to execute the stelnet command, you can upgrade the command privilege level of the stelnet command to level-4.
In addition to upgrading a command privilege level, you can also lower a command privilege level.
Do not change the default privilege level of a command. Otherwise, some users may be unable to use the command. If command privilege levels are changed separately before you upgrade command privilege levels in a batch, the levels of these commands remain unchanged. Therefore, you are advised to upgrade command privilege levels in a batch before you upgrade the level of each command separately.
The execution of some commands depends on certain conditions. For example, a command can be configured only after other commands are configured, or the command is an upgrade-compatible command. After the levels of such commands are adjusted using the command-privilege level command, the commands may still fail to execute; this is unrelated to the level adjustment.
Procedure
- Run system-view
  The system view is displayed.
- Set the command privilege level.
  - Run command-privilege level level view view-name command-key
    The command privilege level is set in the specified view.
  - Run command-privilege level rearrange
    The command privilege levels are upgraded in batches.
    If command privilege levels are not changed separately, the levels change according to the following rules after a batch command privilege level upgrade command is executed:
    - The visit level and monitoring level remain unchanged.
    - The configuration level is upgraded to level 10, and the management level is upgraded to level 15.
      There are no commands at levels 2 to 9 and levels 11 to 14. You can set commands to any of these levels separately to implement refined user rights management.
    - If you have run the command-privilege level level view view-name command-key command to change a command privilege level before you execute the batch command privilege level upgrade command, the level of this command remains unchanged.
    - Before you run the batch command privilege level upgrade command, ensure that your user privilege level is 15. Otherwise, you cannot run the command.
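The following audit script is an added example, not part of the product documentation. It applies the batch upgrade rules above to a configuration excerpt and reports commands that a per-command setting has left below the level of their class. The default-level table, the view names, and the assumption that the commands appear in the configuration as typed are constructed for illustration.

```python
import re

# Batch rule stated on this page: levels 0 and 1 stay, 2 -> 10, 3 -> 15.
REARRANGE = {0: 0, 1: 1, 2: 10, 3: 15}
SET_LINE = re.compile(r"^command-privilege level (\d+) view (\S+) (.+)$")

# Constructed default levels; only the display current-configuration value
# (level 3) is stated on the page, the rest are assumed for illustration.
DEFAULTS = {
    ("shell", "stelnet"): 0,
    ("shell", "display current-configuration"): 3,
    ("shell", "reboot"): 3,
    ("system", "ip route-static"): 2,
}

# Constructed configuration excerpt (view names are sample values).
SAMPLE = """\
command-privilege level 4 view shell stelnet
command-privilege level 3 view system ip route-static
command-privilege level rearrange
"""

def parse(config_text):
    """Return ({(view, command_key): level}, batch_upgrade_seen)."""
    overrides, rearranged = {}, False
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # normalise whitespace
        if line == "command-privilege level rearrange":
            rearranged = True
        elif (m := SET_LINE.match(line)):
            level = int(m.group(1))
            if level > 15:
                raise ValueError(f"level out of range: {raw!r}")
            overrides[(m.group(2), m.group(3))] = level
    return overrides, rearranged

def effective_levels(defaults, overrides, rearranged):
    """Per-command settings win; everything else follows the batch rule."""
    result = {}
    for key, default in defaults.items():
        baseline = REARRANGE[default] if rearranged else default
        result[key] = (overrides.get(key, baseline), baseline)
    return result

def lowered(levels):
    """Commands runnable by users below the baseline level of their class."""
    return sorted((v, c, eff, base) for (v, c), (eff, base) in levels.items()
                  if eff < base)

if __name__ == "__main__":
    for finding in lowered(effective_levels(DEFAULTS, *parse(SAMPLE))):
        print("below baseline: view=%s command=%r level=%d baseline=%d" % finding)
```

In the sample, the route configuration command was set to level 3 before the batch upgrade, so it stays at level 3 while the rest of the configuration level moves to level 10.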