Manualshelf

R0106-HP MSR Router Series Fundamentals Configuration Guide(V7)

ManualsBrandsHP ManualsNetwork HardwareHP MSR3024 TAA-compliant AC Router
21222324252627282930
18
User role name Permissions
level-n (n = 0 to 15)
level-0—Has access to diagnostic commands, including ping, tracert,
ssh2, telnet, and super. Level-0 access rights are configurable.
level-1—Has access to the display commands of all features and
resources in the system except display history-command all. The level-1
user role also has all access rights of the level-0 user role. Level-1 access
rights are configurable.
level-2 to level-8, and level-10 to level-14—Do not have any access
rights by default. Access rights are configurable.
level-9—Has access to all features and resources except those in the
following list. If you are logged in with a local user account that has a
level-9 user role, you can change the password in the local user account.
Level-9 access rights are configurable.
{ RBAC non-debugging commands.
{ Local users.
{ File management.
{ Device management.
{ The display history-command all command.
level-15—Has the same rights as network-admin.
Assigning user roles
You assign access rights to users by assigning a minimum of one user role. The users can use the
collection of system items and resources accessible to any user role assigned to them. For example, you
can access any interface to use the qos apply policy command if you are assigned the following user
roles:
User role A denies access to the qos apply policy command and permits access to only interface
GigabitEthernet 2/1/1.
User role B permits access to the qos apply policy command and all interfaces.
Depending on the authentication method, user role assignment has the following methods:
AAA authorization—If scheme authentication is used, the AAA module handles user role
assignment.
{ If the user passes local authorization, the device assigns the user roles specified in the local user
account.
{ If the user passes remote authorization, the remote AAA server assigns the user roles specified
on the server. The AAA server can be a RADIUS or HWTACACS server.
Non-AAA authorization—When the user accesses the device without authentication or by passing
password authentication, the device assigns user roles specified on the user line. This method also
applies to SSH clients that use publickey or password-publickey authentication. User roles assigned
to these SSH clients are specified in their respective device management user accounts.
For more information about AAA and SSH, see Security Configuration Guide. For more information
about user line, see "Login overview" and "Logging in to the CLI."