Functions of administrator roles and levels of the USG6000 series

0

The USG6000 series controls administrator permissions by administrator role and level as follows:
- Bind an administrator role: Control administrator permissions based on the menu of the web UI, which mainly applies to web administrators.
On the web UI, choose System > Administrator > Administrator, create an administrator, and specify a role for it. Administrators with different roles have different operation permissions.
- Specify an administrator level: Control administrator permissions based on the levels of administrator-executable commands, which mainly applies to CLI administrators.
The following example is provided for you to set the permission level for an administrator account.
# Set the permission of the administrator abc to level 3.
system-view
[sysname] aaa
[sysname-aaa] manager-user abc
[sysname-aaa-manager-user-abc] level 3
The administrator role has a higher priority than the administrator level, that is, if an administrator is bound to a role, the level specification no longer takes effect.
Even if an administrator account is not bound to a specific role, the administrator role and level have a default mapping as follows:
- 1: Monitoring level corresponds to the configuration administrator (monitoring).
- 2: Configuration level corresponds to the configuration administrator.
- 3: Management level to the 15th level correspond to the system administrator.
For more details, see the administrator chapter in the product documentation of the USG6000 series.

Other related questions:
Changing the administrator level on the USG6000
Change the administrator level on the USG6000 as follows: HRP_Asystem-view Enter system view, return user view with Ctrl+Z. HRP_A[USG6600-1]aaa HRP_A[USG6600-1-aaa]manager-user admin HRP_A[USG6600-1-aaa-manager-user-admin]level ? INTEGER<0-15> Value //Select a level ranging from 0 to 15 here. HRP_A[USG6600-1-aaa-manager-user-admin]level 15 //This command indicates setting the permission of the admin account to level 15.//

Viewing the administrator level on the USG6000
View the administrator level on the USG6000 as follows: [USG6600]display manager-user username admin 17:47:00 2015/04/21 ---------------------------------------------------------------------------- Username : admin Password : **************** State : Active Service-type : web ftp telnet terminal ssh ACL-number : - Access-limit : No Online-number : 1 User-level : 15 FTP-directory : hda1: Ssh authentication: any Ssh service : stelnet Ssh RSA-key : -

The role of routing tables in USG6000 series devices.
After a network connection failure occurs, you can check whether there is a route to the destination in the routing table.

Viewing the administrator level on the USG2000&5000
View the administrator level on the USG2000&5000 as follows: display local-user username admin ---------------------------------------------------------------------------- Username : admin User valid-period : - Password : **************** Password valid-days : 90 State : Active Service-type : ppp web ftp telnet terminal ssh 802.1x ACL-number : - Idle-cut : No Access-limit : No Online-number : 1 MAC-address : - User-level : 15 FTP-directory : - L2tp-ip : -

Default administrator account of the USG6000 series
The NGFW provides two default accounts: - System administrator account: admin/Admin@123. For the first time, you can use this account to log in to the USG6000 through the console port or web UI. - Auditor account: audit-admin/Admin@123. This account can be used to configure audit policies and view audit logs.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top