HP MSR2000/3000/4000 Router Series Fundamentals Configuration Guide
User role name: level-n (n = 0 to 15)
Permissions:
• level-0—Has access to diagnostic commands, including ping, tracert, ssh2, telnet, and super. Level-0 access rights are configurable.
• level-1—Has access to the display commands (except display history-command all) of all features and resources in the system, in addition to all access rights of the user role level-0. Level-1 access rights are configurable.
• level-2 to level-8, and level-10 to level-14—Have no access rights by default. Access rights are configurable.
• level-9—Has access to all features and resources except those in the following list. If you are logged in with a local user account that has a level-9 user role, you can change the password in the local user account. Level-9 access rights are configurable.
  ◦ RBAC non-debugging commands.
  ◦ Local users.
  ◦ File management.
  ◦ Device management.
  ◦ The display history-command all command.
• level-15—Has the same rights as network-admin.

User role name: security-audit
Permissions:
Security log manager. The user role has access to security log files:
• It has access to the commands for displaying and maintaining security log files, for example, the dir, display security-logfile summary, and more commands.
• It has access to the commands for managing security log files and security log file system, for example, the info-center security-logfile directory, mkdir, and security-logfile save commands.
For more information about security log management, see Network Management and Monitoring. For more information about file system management, see "Managing the file system."
IMPORTANT:
Only the security-audit user role has access to security log files. Other user roles do not have the access right even if you have configured the user roles to have the access permission.
Assigning user roles
You assign access rights to users by assigning at least one user role. The users can use the collection of
commands and resources accessible to any user role assigned to them. For example, user role A denies
access to the qos apply policy command and permits access to only interface Ethernet 1/1, and user role
B permits access to the qos apply policy command and all interfaces. With these two user roles, you can
access any interface to use the qos apply policy command.
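The following added example (not part of the HP guide and not device code) models the union behavior described above and reports which actions a restrictive role fails to contain once a broader role is assigned alongside it. The Role class, the helper functions, the "display *" permit on role A, the interface name Ethernet 1/2, and the deny-beats-permit rule inside a single role are assumptions made for the model.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class Role:
    name: str
    permit_cmds: tuple = ()   # command patterns this role permits
    deny_cmds: tuple = ()     # command patterns this role denies
    interfaces: tuple = ()    # interface patterns this role may access

    def allows(self, cmd, intf):
        # Model assumption: inside one role, a deny pattern beats a permit.
        if any(fnmatchcase(cmd, p) for p in self.deny_cmds):
            return False
        return (any(fnmatchcase(cmd, p) for p in self.permit_cmds)
                and any(fnmatchcase(intf, p) for p in self.interfaces))

def effective_access(roles, cmd, intf):
    """Names of the assigned roles that grant cmd on intf. The user is
    allowed if the list is non-empty: one role's deny does not subtract
    from what another assigned role permits."""
    return [r.name for r in roles if r.allows(cmd, intf)]

def widened(roles, restrictive, probes):
    """Probes the restrictive role refuses on its own but the full
    assignment allows, mapped to the roles that grant them."""
    found = {}
    for cmd, intf in probes:
        grants = effective_access(roles, cmd, intf)
        if grants and not restrictive.allows(cmd, intf):
            found[(cmd, intf)] = grants
    return found

# Roles A and B from the text; "display *" and "Ethernet 1/2" are constructed.
ROLE_A = Role("A", permit_cmds=("display *",),
              deny_cmds=("qos apply policy*",), interfaces=("Ethernet 1/1",))
ROLE_B = Role("B", permit_cmds=("qos apply policy*",), interfaces=("*",))
PROBES = [("qos apply policy", "Ethernet 1/1"),
          ("qos apply policy", "Ethernet 1/2"),
          ("display interface", "Ethernet 1/1")]

if __name__ == "__main__":
    for probe, grants in widened([ROLE_A, ROLE_B], ROLE_A, PROBES).items():
        print(probe, "granted by", grants)
```

Running the same check over every user's assigned role set during an access review shows where a narrow role is paired with one that overrides its restrictions.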
User roles are assigned by one of the following methods, depending on the authentication method:
• AAA authorization—If scheme authentication is used, the AAA module handles user role assignment.
  ◦ If the user passes local authorization, the device assigns the user roles specified in the local user account.