H3C S5830V2 Security Configuration Manual page 33

Authorization attributes—Authorization attributes indicate the rights that a user has after passing
•
local authentication. Authorization attributes include the ACL, idle cut function, user role, VLAN,
and FTP/SFTP work directory. For support information about authorization attributes, see
"Configuring local user
Configure the authorization attributes based on the service type of local users. You can configure
an authorization attribute in user group view or local user view to make the attribute effective for
all local users in the group or for only the local user. The setting of an authorization attribute in
local user view takes precedence over the attribute setting in user group view.
Password control attributes—Password control attributes help control password security for device
•
management users. Password control attributes include password aging time, minimum password
length, and password composition policy.
You can configure a password control attribute in system view, user group view, or local user view,
making the attribute effective for all local users, local users in a group, or only the local user. A
password control attribute with a smaller effective range has a higher priority. For more
information about password management and global password configuration, see
password
Local user configuration task list
Tasks at a glance
(Required.)
(Optional.)
(Optional.)
Configuring local user attributes
Follow these guidelines when you configure local user attributes:
When the password control feature is globally enabled by using the password-control enable
•
command, local user passwords are not displayed.
• The authentication mode of user interfaces is set by the authentication-mode command in user
interface view, and affects the commands available for login users. In AAA (scheme) mode, the
authorized user role determines the commands available for each login user. In password
(password) or no authentication (none) mode, the user role of respective user interfaces determines
the commands available for the login users. The user role of respective user interfaces also
determines the commands available for the public key authenticated SSH users. For more
information about the authentication mode and user roles for user interfaces, see Fundamentals
Configuration Guide.
You can configure authorization attributes and password control attributes in local user view or user
•
group view. The setting in local user view takes precedence.
To configure local user attributes:
Step
1. Enter system view.
2. Add a local user and enter
local user view.
attributes."
control."
Configuring local user attributes
Configuring user group attributes
Displaying and maintaining local users and local user groups
Command
system-view
local-user user-name [ class
{ manage | network } ]
19
Remarks
N/A
By default, no local user exists.
"Configuring