R0106-HP MSR Router Series Fundamentals Configuration Guide(V7)

FIPS compliance

The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features,

commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about

FIPS mode, see Security Configuration Guide.

Configuration task list

Tasks at a glance

(Required.) Creating user roles

(Required.) Configuring user role rules

(Optional.) Configuring feature groups

(Optional.) Changing resource access policies

(Optional.) Assigning user roles

(Optional.) Configuring temporary user role authorization

Creating user roles

In addition to the predefined user roles, you can create up to 64 custom user roles for granular access

control.

To create a user role:

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Create a user role and

enter user role view.

role name role-name

By default, the system has the following

predefined user roles:

• network-admin.

• network-operator.

• level-n (where n equals an integer in

the range 0 to 15).

Among these user roles, only the

permissions and description of the

level-0 to level-14 user roles are

configurable.

3. (Optional.) Configure a

description for the user role.

description text

By default, a user role does not have a

description.

Configuring user role rules

You can configure command, feature, feature group, and XML element rules to permit or deny the access

of a user role to specific commands and XML elements.