R0106-HP MSR Router Series Fundamentals Configuration Guide(V7)
Step 2: Enable the default user role function.
  Command: role default-role enable
  Remarks: By default, the default user role function is disabled. If the none authorization method is used for local users, you must enable the default user role function.
Assigning user roles to remote AAA authentication users
For remote AAA authentication users, user roles are configured on the remote authentication server. For
information about configuring user roles for RADIUS users, see the RADIUS server documentation. For
HWTACACS users, the role configuration must use the roles="role-1 role-2 … role-n" format, where user
roles are space separated. For example, configure roles="level-0 level-1 level-2" to assign level-0, level-1,
and level-2 to an HWTACACS user.
Assigning user roles to local AAA authentication users
Configure user roles for local AAA authentication users in their local user accounts. Every local user has
a default user role. If this default user role is not suitable, delete the default user role.
To assign a user role to a local user:
Step 1: Enter system view.
  Command: system-view
  Remarks: N/A

Step 2: Create a local user and enter local user view.
  Command: local-user user-name class { manage | network }
  Remarks: N/A

Step 3: Authorize the user to have a user role.
  Command: authorization-attribute user-role role-name
  Remarks: Repeat this step to assign the user to up to 64 user roles. By default, network-operator is assigned to local users created by a network-admin or level-15 user.
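The following is an added example, not part of the HP guide: a Python check that reads local-user blocks from a saved configuration and lists accounts worth a least-privilege review, namely those holding network-admin or level-15 and those that kept the default network-operator role next to another role. The sample configuration is constructed, and its layout (indented authorization-attribute lines under each local-user line, blocks separated by #) and the choice of roles to flag are assumptions.

```python
import re

# Constructed sample; the block layout is an assumption about the saved configuration.
SAMPLE_CONFIG = """\
#
local-user ops1 class manage
 service-type ssh
 authorization-attribute user-role network-operator
#
local-user netadm class manage
 service-type ssh
 authorization-attribute user-role network-admin
 authorization-attribute user-role network-operator
#
local-user audit1 class manage
 authorization-attribute user-role level-1
#
"""

HIGH_PRIV = {"network-admin", "level-15"}  # assumed review policy for this example
DEFAULT_ROLE = "network-operator"          # default role described in the guide

USER_RE = re.compile(r"^local-user (\S+) class (manage|network)\s*$")
ROLE_RE = re.compile(r"^\s+authorization-attribute user-role (\S+)\s*$")

def parse_local_users(config):
    """Map each local user to the list of user roles in its config block."""
    users, current = {}, None
    for line in config.splitlines():
        m = USER_RE.match(line)
        if m:                                   # start of a local-user block
            current = users.setdefault(m.group(1), [])
        elif not line.startswith(" "):          # "#" or other top-level line ends it
            current = None
        elif current is not None:
            m = ROLE_RE.match(line)
            if m:
                current.append(m.group(1))
    return users

def audit(users):
    """Return sorted (user, finding) pairs that deserve a least-privilege review."""
    findings = []
    for name, roles in users.items():
        high = sorted(HIGH_PRIV & set(roles))
        if high:
            findings.append((name, "high-privilege role: " + ", ".join(high)))
        if DEFAULT_ROLE in roles and len(set(roles)) > 1:
            findings.append((name, "default role kept alongside assigned role"))
    return sorted(findings)
```

Calling audit(parse_local_users(text)) on an exported configuration returns the accounts to review; an empty list means no local user matched either condition.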
Assigning user roles to non-AAA authentication users on user lines
Specify user roles for the following two types of login users on the user lines:
• Users who use password authentication or no authentication.
• SSH clients that use publickey or password-publickey authentication. User roles assigned to these
SSH clients are specified in their respective device management user accounts.
For more information about user lines, see "Login overview" and "Logging in to the CLI." For more
information about SSH, see Security Configuration Guide.
To assign a user role to non-AAA authentication users on a user line:
Step 1: Enter system view.
  Command: system-view
  Remarks: N/A