Table of Contents
Advertisement
work-directory directory-name: Specifies the working directory for FTP, SFTP, or SCP users. The
directory-name argument is a case-insensitive string of 1 to 255 characters. The directory must
already exist.
Usage guidelines
Configure authorization attributes according to the application environments and purposes. Support
for authorization attributes depends on the service types of users.
For portal users, only the following authorization attributes are effective: acl, idle-cut, ip-pool,
ipv6-pool, and session-timeout.
For LAN users, only the following authorization attributes are effective: acl, session-timeout, and
vlan.
For Telnet and terminal users, only the authorization attributes idle-cut, user-role, and
work-directory are effective.
For HTTP and HTTPS users, only the authorization attribute user-role is effective.
For SSH and FTP users, only the authorization attributes idle-cut, user-role, and work-directory
are effective.
For other types of local users, no authorization attribute is effective.
Authorization attributes configured for a user group are intended for all local users in the group. You
can group local users to improve configuration and management efficiency. An authorization
attribute configured in local user view takes precedence over the same attribute configured in user
group view.
To make sure FTP, SFTP, and SCP users can access the directory after an active/standby switchover,
do not specify chassis or slot information for the working directory.
To make sure the user have only the user roles authorized by using this command, use the undo
authorization-attribute user-role command to remove the default user role.
The security-audit user role has access to the commands for managing security log files and security
log file system. To display all the accessible commands of the security-audit user role, use the
display role name security-audit command. For more information about security log management,
see Network Management and Monitoring Configuration Guide. For more information about file
system management, see Fundamentals Configuration Guide.
You cannot delete a local user if the local user is the only user that has the security-audit user role.
The security-audit user role is mutually exclusive with other user roles.
•
When you assign the security-audit user role to a local user, the system requests confirmation
for deleting all the other user roles of the user.
•
When you assign other user roles to a local user that has the security-audit user role, the
system requests confirmation for deleting the security-audit user role for the local user.
Examples
# Configure the authorized VLAN of network access user abc as VLAN 2.
<Sysname> system-view
[Sysname] local-user abc class network
[Sysname-luser-network-abc] authorization-attribute vlan 2
# Configure the authorized VLAN of user group abc as VLAN 3.
<Sysname> system-view
[Sysname] user-group abc
[Sysname-ugroup-abc] authorization-attribute vlan 3
# Assign the security-audit user role to device management user xyz as the authorized user role.
<Sysname> system-view
[Sysname] local-user xyz class manage
39
Advertisement
Table of Contents
