If the user passes remote authorization, the remote AAA server assigns the user roles specified
on the server. The AAA server can be a RADIUS or HWTACACS server.
Non-AAA authorization—If the user uses password authentication or no authentication, the device
•
assigns user roles specified on the user line. This method also applies to SSH clients that use
publickey or password-publickey authentication. User roles assigned to these SSH clients are
specified in their respective local device management user accounts.
For more information about AAA and SSH, see Security Configuration Guide. For more information
about user line, see
FIPS compliance
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features,
commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about
FIPS mode, see Security Configuration Guide.
Configuration task list
Tasks at a glance
(Required.)
(Required.)
(Optional.)
(Optional.)
(Optional.)
(Optional.)
Creating user roles
In addition to the predefined user roles, you can create a maximum of 64 custom user roles for granular
access control.
To create a user role:
Step
1.
Enter system view.
2.
Create a user role and
enter user role view.
"Login
overview" and
Creating user roles
Configuring user role rules
Configuring feature groups
Configuring resource access policies
Assigning user roles
Configuring temporary user role authorization
Command
system-view
role name role-name
"Logging in to the
CLI."
Remarks
N/A
By default, the system has 19 predefined
user roles: network-admin,
network-operator, level-n (where n
equals an integer in the range 0 to 15),
and security-audit. Among these user
roles, only the permissions and
description of the user roles level-0 to
level-14 are configurable.
53