Switching the user privilege level – H3C Technologies H3C SecBlade NetStream Cards User Manual


need to re-log in, but the commands that they can execute have changed. For example, if the current user privilege level is 3, the user can configure system parameters. After switching to user privilege level 0, the user can only execute simple commands, like ping and tracert, and only a few display commands. The switching operation is effective for the current login only. After the user logs in again, the user privilege level is restored to the original level.

To avoid problems, H3C recommends that administrators log in to the device with a lower privilege level to view device operating parameters, and switch to a higher level temporarily when they have to maintain the device.

If administrators need to leave for a while or ask someone else to manage the device temporarily, they can switch to a lower privilege level before they leave to restrict what others can do.

Setting the authentication mode for user privilege level switch

A user can switch to a privilege level equal to or lower than the current one unconditionally and is not required to input a password (if any).

For security, a user is required to input the password (if any) to switch to a higher privilege level.

Follow these steps to set the authentication mode for user privilege level switch:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | `system-view` | |
| Set the authentication mode for user privilege level switch | `super authentication-mode { local \| scheme } *` | Optional. local by default. |
| Configure the password for user privilege level switch | `super password [ level user-level ] { simple \| cipher } password` | Required if the authentication mode is set to local (specify the local keyword when setting the authentication mode). By default, no privilege level switch password is configured. |

CAUTION:

If no user privilege level is specified when you configure the password for switching the user privilege level with the super password command, the user privilege level defaults to 3.

If you specify the simple keyword, the password is saved in the configuration file in plain text, where it can easily be stolen. If you specify the cipher keyword, the password is saved in the configuration file in cipher text, which is safer.

If the user logs in from the console user interface (the console port), the privilege level can be switched to a higher level even if the authentication mode is local and no user privilege level password is configured.
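The cautions above can be checked against a saved configuration file. The following Python audit is an added example, not part of the H3C manual; it assumes that saved configuration lines have the same form as the command syntax in the table above, and the function name and sample configuration are constructed for illustration.

```python
import re

# Assumed saved-config form, mirroring the manual's command syntax:
#   super authentication-mode { local | scheme } *
#   super password [ level user-level ] { simple | cipher } password
MODE_RE = re.compile(r"^\s*super\s+authentication-mode\s+((?:local|scheme)(?:\s+(?:local|scheme))?)\s*$")
PW_RE = re.compile(r"^\s*super\s+password(?:\s+level\s+(\d+))?\s+(simple|cipher)\s+\S+\s*$")

def audit_super_config(config_text):
    """Return a list of findings; the password itself is never echoed."""
    modes = ["local"]   # manual: local by default
    storage = {}        # privilege level -> "simple" or "cipher"
    for line in config_text.splitlines():
        mode = MODE_RE.match(line)
        if mode:
            modes = mode.group(1).split()
            continue
        pw = PW_RE.match(line)
        if pw:
            level = int(pw.group(1) or 3)   # manual: level defaults to 3
            storage[level] = pw.group(2)
    findings = []
    for level in sorted(storage):
        if storage[level] == "simple":
            findings.append(f"level {level}: switch password saved in plain text "
                            "(simple); reconfigure it with the cipher keyword")
    if "local" in modes and not storage:
        findings.append("local mode with no switch password: per the manual, "
                        "console logins can still switch to a higher level")
    return findings

# Constructed sample, not taken from a real device.
SAMPLE_CONFIG = """\
 sysname Sysname
 super authentication-mode local
 super password level 2 simple EXAMPLE-ONLY
 super password cipher CONSTRUCTED-CIPHERTEXT
"""

if __name__ == "__main__":
    for finding in audit_super_config(SAMPLE_CONFIG):
        print(finding)
```
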

Switching the user privilege level

Follow these steps to switch the user privilege level:

| To do… | Use the command… | Remarks |
|---|---|---|
| Switch the user privilege level | `super [ level ]` | Required. When logging in to the device, a user has a user privilege level, which depends on the user interface or the authentication user level. Available in user view. |
