F3215-HP Load Balancing Module Security Command Reference-6PW101

Syntax
authorization-attribute { level level | user-role { guest | guest-manager | security-audit } |
work-directory directory-name } *
undo authorization-attribute { level | user-role | work-directory } *
Default
No authorization attribute is configured for a local user or user group.
Views
Local user view, user group view
Default command level
3: Manage level
Parameters
level level: Specifies the user level, which can be 0 for visit level, 1 for monitor level, 2 for system level,
and 3 for manage level. A smaller number means a lower level. This parameter determines the command
level for login users whose user interfaces perform AAA authentication. By default, the user level is 0, and
users can use only commands of level 0 after login.
user-role: Specifies the role for the local user. This keyword is available only in local user view. Users
with different roles can access different levels of commands. If you specify no role for a local user, the
access right of the user after login depends on other authorization attributes. Supported roles include:
  guest: A guest user account is usually created through the Web interface.
  guest-manager: An authenticated guest manager can manage guest user accounts on Web pages.
  security-audit: An authenticated security log administrator can manage security log files. The
    commands that a security log administrator can use are described in the information center
    commands. For more information, see System Maintenance Command Reference.
work-directory directory-name: Specifies the work directory for a user or users of the FTP or SFTP
service. The directory-name argument is a case-insensitive string of 1 to 135 characters. The directory
must already exist. By default, an FTP or SFTP user can access the root directory of the device.
Usage guidelines
Each configurable authorization attribute applies to specific application environments and purposes.
Consider the service types of users when assigning authorization attributes.
Authorization attributes configured for a user group are effective for all local users in the group. You can
group local users to improve configuration and management efficiency.
An authorization attribute configured in local user view takes precedence over the same attribute
configured in user group view. If an authorization attribute is configured in user group view but not in
local user view, the setting in user group view takes effect.
If only one user is playing the role of security log administrator in the system, you cannot delete the user
account or remove or change the user's role, unless you first configure another user as a security log
administrator.
A local user can play only one role at a time. If you execute the command multiple times, the most recent
configuration takes effect.
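The precedence and default rules above can be checked offline with a short script. The following is an added example, not part of the HP reference: it resolves each user's effective attributes (local user view, then user group view, then the documented default) and lists settings worth reviewing. The dictionary layout, the "group" and "services" field names, and the sample users, groups and paths are constructed assumptions.

```python
# Constructed data model (assumption): dicts mirroring local user view and
# user group view. Field names "group" and "services" are hypothetical.
DEFAULTS = {"level": 0, "work-directory": None}   # None = device root directory

def effective(user, groups):
    """Resolve each attribute: local user view, then user group view, then default."""
    layers = (("local-user", user.get("attrs", {})),
              ("user-group", groups.get(user.get("group"), {})),
              ("default", DEFAULTS))
    out = {}
    for attr in DEFAULTS:
        for source, cfg in layers:
            if attr in cfg:
                out[attr] = (cfg[attr], source)
                break
    return out

def audit(users, groups):
    """Return (user, finding) pairs; the review criteria are this example's own."""
    findings = []
    for name, user in users.items():
        eff = effective(user, groups)
        level, level_src = eff["level"]
        workdir, _ = eff["work-directory"]
        if {"ftp", "sftp"} & set(user.get("services", ())) and workdir is None:
            findings.append((name, "FTP/SFTP user without work-directory: device root accessible"))
        if workdir is not None and not 1 <= len(workdir) <= 135:
            findings.append((name, "work-directory must be 1 to 135 characters"))
        if level == 3 and level_src == "user-group":
            findings.append((name, "manage level (3) inherited from user group"))
    auditors = [n for n, u in users.items() if u.get("role") == "security-audit"]
    if len(auditors) == 1:
        findings.append((auditors[0], "sole security-audit user: add another before changing it"))
    return findings

# Constructed sample configuration (not taken from a real device).
GROUPS = {"ops": {"level": 3, "work-directory": "flash:/ops"}}
USERS = {
    "abc":    {"group": "ops", "attrs": {"level": 2}, "services": ["ssh"]},
    "xfer":   {"attrs": {}, "services": ["ftp"]},
    "admin2": {"group": "ops", "attrs": {}, "services": ["sftp"]},
    "logadm": {"attrs": {}, "role": "security-audit", "services": ["ssh"]},
}

if __name__ == "__main__":
    for user, finding in audit(USERS, GROUPS):
        print(f"{user}: {finding}")
```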
Examples
# Configure the authorized user level of local user abc as 2.
<Sysname> system-view