Configuring local users, User levels, Configuring a user privilege level – H3C Technologies H3C SecBlade LB Cards User Manual
Page 86
76
Configuring local users
Local users are a set of user attributes configured on the local device. A local user is uniquely identified
by username. To enable users using a certain network service to pass the local authentication, you must
configure accounts for the users to the local user database on the device.
A local user has the following attributes:
•
Username
•
User password
•
User privilege level
•
Service type that the user can use
•
Virtual device to which the user belongs
User levels
User levels, ranging from low to high, are visitor, monitor, configure, and management. A user with a
higher level has all the operating rights of a lower level.
•
Visitor—Users of this level can perform ping and traceroute operations, but can neither access the
device data nor configure the device.
•
Monitor—Users of this level can only access the device data but cannot configure the device.
•
Configure—Users of this level can access data from the device and configure the device, but they
cannot upgrade the host software, add/delete/modify users, or back up/restore the application
file.
•
Management—Users of this level can perform any operations for the device.
The previously mentioned user levels apply to users using the root virtual devices only. Those for users
using other types of virtual devices depend on the device model.
Configuring a user privilege level
If the authentication mode on a user interface is scheme, configure a user privilege level for the user
interface's users through the AAA module or directly on the user interface. For SSH users who use
public-key authentication, the user privilege level configured directly on the user interface always takes
effect. For other users, the user privilege level configured in the AAA module has priority over the one
configured directly on the user interface.
If the authentication mode on a user interface is none or password, configure the user privilege level
directly on the user interface.
For more information about user login authentication, see "Logging in to the CLI." For more information
about AAA and SSH, see Security Configuration Guide.