Local firewall administrator level with read-only permissions

15

As a firewall administrator, you can execute commands of or lower than your administrator level. If your administrator level is set to 1, you can only execute level 0 (visit level) and 1 (monitoring level) commands and have read-only permissions.

Other related questions:
Changing the administrator level on the USG6000
Change the administrator level on the USG6000 as follows: HRP_Asystem-view Enter system view, return user view with Ctrl+Z. HRP_A[USG6600-1]aaa HRP_A[USG6600-1-aaa]manager-user admin HRP_A[USG6600-1-aaa-manager-user-admin]level ? INTEGER<0-15> Value //Select a level ranging from 0 to 15 here. HRP_A[USG6600-1-aaa-manager-user-admin]level 15 //This command indicates setting the permission of the admin account to level 15.//

Viewing the administrator level on the USG6000
View the administrator level on the USG6000 as follows: [USG6600]display manager-user username admin 17:47:00 2015/04/21 ---------------------------------------------------------------------------- Username : admin Password : **************** State : Active Service-type : web ftp telnet terminal ssh ACL-number : - Access-limit : No Online-number : 1 User-level : 15 FTP-directory : hda1: Ssh authentication: any Ssh service : stelnet Ssh RSA-key : -

Viewing the administrator level on the USG2000&5000
View the administrator level on the USG2000&5000 as follows: display local-user username admin ---------------------------------------------------------------------------- Username : admin User valid-period : - Password : **************** Password valid-days : 90 State : Active Service-type : ppp web ftp telnet terminal ssh 802.1x ACL-number : - Idle-cut : No Access-limit : No Online-number : 1 MAC-address : - User-level : 15 FTP-directory : - L2tp-ip : -

Changing the administrator level on the USG2000&5000
Change the administrator level on the USG2000&5000 as follows: system-view Enter system view, return user view with Ctrl+Z. [USG5100]aaa [USG5100-aaa]local-user admin level ? INTEGER<0-15> Value audit Audit level //The level available ranges from 0 to 15. In normal cases, the administrator permission of level 3 is proper. The audit level indicates the permission of auditing the administrator.// [USG5100-aaa]local-user admin level 3 //Indicates setting the permission of the admin account to the level-3 management level.//

How to configure the administrator level on the AR
If non-authentication is used, the administrator level is specified by using the user privilege level command in the VTY interface view. If local authentication is used, the administrator level can be set in the following ways that are in descending order of priority: 1. Run the local-user privilege level command to configure the local user level. 2. Run the admin-user privilege level command to configure the administrator level in a domain. 3. Run the user privilege level command to configure the user level in VTY mode. If remote authentication is used, the administrator level can be set in the following ways that are in descending order of priority: 1. Use the user level sent by an authentication server to the AR after authentication is succeessful. 2. Run the admin-user privilege level command to set the administrator level in a domain. 3. Run the user privilege level command to set the user level in VTY mode.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top