How to increase the level of commands in different views

4

By default, a switch has four user levels, ranging from 0 to 3. To increase the level of a command in a view, run the command-privilege level command.
For example, a level 3 user can use the delete or format command in the user view to delete the startup file or format the storage device that saves the startup file. To increase the level of the delete and format commands, create a user account of a higher level and run the following commands:

command-privilege level 15 view shell delete
Only level 15 users can use the commands starting with delete in the user view (shell).

command-privilege level 15 view shell format
Only level 15 users can use the commands starting with format in the user view (shell).

Other related questions:
How to set the command level in the specified view
The procedure for setting the command level in the specified view is as follows: Command format: command-privilege level < level > view < view-name > < command-key > To adjust the command level, see the following examples: Example 1: Set the level of the save command to 5. [Huawei] command-privilege level 5 view user save Example 2: Adjust the permission of the configuration file to a lower-level command. [Huawei]command-privilege level 2 view system display current-configuration The system grants different command levels. Each command in each view has a specified level. The administrator can change the command level based on user requirements to enable a lower-level user to use some high-level commands, or raise the command level to improve device security. It is recommended that the default command level be not changed without permission.

How do I define the command level

The administrator can run the command-privilege level level view view-name command-key command to set the command level in a specified view. This configuration enables a lower-level user to use some high-level commands, or raises the command level to improve device security.

NOTICE:

It is recommended that you do not change the default command level without the guidance of professionals. Otherwise, it may result in inconvenience for operation and maintenance and bring about security problems.

<Huawei> system-view
[Huawei] command-privilege level 5 view user save

Description of user levels on AR routers
User levels on AR routers are as follows: You can configure different user levels to control access rights of different users and improve device security. There are 16 user levels numbered from 0 to 15, in ascending order of priority. Visit level-0: It is used for network diagnosis, access to the external device, such as ping, tracert, and Telnet. Monitoring level-1: It is used for system maintenance, including display commands and other commands. Some display commands are unavailable at this level. For example, the display current-configuration and display saved-configuration commands are level-3 management commands. Configuration level-2: Service configuration commands. Management level-3 to 15: They are used to control basic system operations, including system file, FTP/TFTP download, user management, command level setting, and debugging commands. User levels correspond to the command levels. Users can use only the commands at the same or lower level than their own levels. By default, users logging in from the console port can run level 15 commands. By default, the user level of other login modes is 0 (visit level), that is, after the user logs in to a device, the user can only run the commands at level 0, including ping, tracert, and other commands for network diagnosis.

Viewing the administrator level on the USG6000
View the administrator level on the USG6000 as follows: [USG6600]display manager-user username admin 17:47:00 2015/04/21 ---------------------------------------------------------------------------- Username : admin Password : **************** State : Active Service-type : web ftp telnet terminal ssh ACL-number : - Access-limit : No Online-number : 1 User-level : 15 FTP-directory : hda1: Ssh authentication: any Ssh service : stelnet Ssh RSA-key : -

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top