How do I define the command level

25



The administrator can run the command-privilege level level view view-name command-key command to set the command level in a specified view. This configuration enables a lower-level user to use some high-level commands, or raises the command level to improve device security.


NOTICE:

It is recommended that you do not change the default command level without the guidance of professionals. Otherwise, it may result in inconvenience for operation and maintenance and bring about security problems.

<Huawei> system-view
[Huawei] command-privilege level 5 view user save

Other related questions:
How are the fault severity levels defined in the storage system?
There are three levels of fault information for storage systems according to the impact on storage systems and their services: ? Critical: The fault affects the system functions, and immediate measures should be taken to handle the fault. For example, a device or resource cannot be used and needs to be recovered. Even if the fault does not occur in working hours, it needs to be handled immediately. ? Major: The fault affects the system functions, and measures should be taken to handle the fault. For example, the service quality of a device or resource degrades, and the device or resource needs to be recovered to the normal state. The fault needs to be handled immediately. ? Warning: The fault does not affect the system functions but raises hidden risks in the storage system. The fault needs to be handled according to the actual situation. You can set the fault notification methods on the ISM interface. Once a critical, major, or warning fault occurs in the storage system, the system notifies users through short messages or emails, and users can monitor and manage the storage system in a convenient way.

How to increase the level of commands in different views
By default, a switch has four user levels, ranging from 0 to 3. To increase the level of a command in a view, run the command-privilege level command. For example, a level 3 user can use the delete or format command in the user view to delete the startup file or format the storage device that saves the startup file. To increase the level of the delete and format commands, create a user account of a higher level and run the following commands: command-privilege level 15 view shell delete Only level 15 users can use the commands starting with delete in the user view (shell). command-privilege level 15 view shell format Only level 15 users can use the commands starting with format in the user view (shell).

How to set the command level in the specified view
The procedure for setting the command level in the specified view is as follows: Command format: command-privilege level < level > view < view-name > < command-key > To adjust the command level, see the following examples: Example 1: Set the level of the save command to 5. [Huawei] command-privilege level 5 view user save Example 2: Adjust the permission of the configuration file to a lower-level command. [Huawei]command-privilege level 2 view system display current-configuration The system grants different command levels. Each command in each view has a specified level. The administrator can change the command level based on user requirements to enable a lower-level user to use some high-level commands, or raise the command level to improve device security. It is recommended that the default command level be not changed without permission.

How do I configure the administrator level on an AR
If non-authentication is used, the administrator level is specified by using the user privilege level command in the VTY interface view. If local authentication is used, the administrator level can be configured in the following ways that are in descending order of priority: 1. Running the local-user privilege level command to configure the local user level 2. Running the admin-user privilege level command to configure the administrator level in a domain 3. Running the user privilege level command to configure the user level in the VTY interface view If remote authentication is used, the administrator level can be configured in the following ways that are in descending order of priority: 1. Using the user level sent by an authentication server to the AR after authentication has succeeded 2. Running the admin-user privilege level command to configure the administrator level in a domain 3. Running the user privilege level command to configure user level in the VTY interface view

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top