F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Configuration Guide-6PW100
205
Ste
p
Command
Remarks
9. Configure
authorization
attributes for the
local user.
authorization-attribute { acl
acl-number | callback-number
callback-number | idle-cut
minute | level level | user-role
{ guest | guest-manager |
security-audit } | vlan vlan-id
| work-directory
directory-name } *
Optional.
By default, no authorization attribute is configured
for a local user.
For PPP users, only acl, callback-number, and
idle-cut are supported.
For portal users, only acl, idle-cut, and vlan are
supported.
For SSH, terminal, and Web users, only level is
supported.
For FTP users, only level and work-directory are
supported.
For Telnet users, only level and user-role is
supported.
For other types of local users, no authorization
attribute is supported.
10. Set the validity
time of the local
user.
validity-date time
Optional.
Not set by default.
11. Set the expiration
time of the local
user.
expiration-date time
Optional.
Not set by default.
12. Assign the local
user to a user
group.
group group-name
Optional.
By default, a local user belongs to the default user
group system.
426BConfiguring user group attributes
User groups simplify local user configuration and management. A user group comprises a group of local
users and has a set of local user attributes. You can configure local user attributes for a user group to
implement centralized user attributes management for the local users in the group. Configurable user
attributes include password control attributes and authorization attributes.
By default, every newly added local user belongs to the default user group system and bears all attributes
of the group. To assign a local user to a different user group, use the user-group command in local user
view.
To configure attributes for a user group:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Create a user group
and enter user group
view.
user-group group-name N/A