Manualshelf

R3204P16-HP Load Balancing Module Security Command Reference-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
71727374757677787980
71
Description
Use the authorization-attribute command to configure authorization attributes for the local user or user
group. After the local user or a local user of the user group passes authentication, the LB module will
assign these attributes to the user.
Use the undo authorization-attribute command to remove authorization attributes.
By default, no authorization attribute is configured for a local user or user group.
Every configurable authorization attribute has its definite application environments and purposes.
However, the assignment of local user authorization attributes does not take the service type into account.
Therefore, when configuring authorization attributes for a local user, consider what attributes are
needed.
Authorization attributes configured for a user group are effective on all local users of the group.
An authorization attribute configured in local user view takes precedence over the same attribute
configured in user group view.
If you specify to perform no authentication or perform password authentication, the levels of commands
that a user can access after login depends on the level of the user interface. For information about user
interface login authentication method, see the authentication-mode command. If the authentication
method requires users to provide usernames and passwords, the levels of commands that a user can
access after login depends on the level of the user. For an SSH user authenticated with an RSA public key,
which commands are available depends on the level specified on the user interface.
If you remove the specified work directory from the file system, the FTP/SFTP user(s) will not be able to
access the directory.
If the specified work directory carries the backup card slot information, the FTP/SFTP user(s) will not be
able to access the directory after a switchover between the main card and backup card occurs. Therefore,
specifying slot information for the work directory is not recommended.
Examples
# Configure the authorized VLAN of user group abc as VLAN 3.
<Sysname> system-view
[Sysname] user-group abc
[Sysname-ugroup-abc] authorization-attribute vlan 3
authorization-attribute user-profile
Syntax
authorization-attribute user-profile profile-name
undo authorization-attribute user-profile
View
ISP domain view
Default level
3: Manage level
Parameters
profile-name: Name of the user profile, a case-sensitive string of 1 to 31 characters.