A user level matches a certain command level. After logging in to the device, a user can run only the commands of which the levels are the same as or lower than the user level. For example, a user at level 2 can run only the commands at levels 0, 1, and 2.
When AAA local authentication is used, set the user level on the device. If the user level is not set, the login users are at level 0 (visit level), and can use only the commands at level 0, such as network diagnostic commands ping and tracert.
To allow the users to use commands of higher levels, such as monitoring, configuration, or management level, the users must have higher user levels.
If AAA local authentication is used, you have the following methods to set the user level. The user level set in the first method has the highest priority and the user level set in the last method has the lowest priority.
Set the user level for a specified user.
<HUAWEI> system-view[HUAWEI] aaa[HUAWEI-aaa] local-user user1 privilege level 15 //Set the user level of user1 to 15.
Set the user level for all users in a domain.
<HUAWEI> system-view[HUAWEI] aaa[HUAWEI-aaa] service-scheme sch1[HUAWEI-aaa-service-sch1] admin-user privilege level 15 //Set the user levels of all users in a domain to 15.
Set the user level for all users logging in through the same user interface (such as VTY user interface).
<HUAWEI> system-view[HUAWEI] user-interface maximum-vty 15[HUAWEI] user-interface vty 0 14[HUAWEI-ui-vty0-14] user privilege level 15 //Set the user level in VTY 0-VTY 14 to 15.
More Information: S Series Switches Common Operation Guide
