Troubleshooting Rbac; Local Users Have More Access Permissions Than Intended - HP FlexFabric 7900 Series Configuration Manual

ssh2
super
system-view
telnet
tracert
<Switch>
2. Obtain the level-3 user role:
# Use the super password to obtain the level-3 user role. When the system prompts for a username
and password, enter the username test@bbb and password enabpass.
<Switch> super level-3
Username: test@bbb
Password:
The following output shows that you have obtained the level-3 user role.
User privilege role is level-3, and only those commands that authorized to the role
can be used.
# If the ACS server does not respond, enter the local authentication password 654321 at the
prompt.
Invalid configuration or no response from the authentication server.
Change authentication mode to local.
Password:
User privilege role is level-3, and only those commands that authorized to the role
can be used.
The output shows that you have obtained the level-3 user role.

Troubleshooting RBAC

This section describes several typical RBAC problems and their solutions.

Local users have more access permissions than intended

Symptom
A local user can use more commands than should be permitted by the assigned user roles.
Analysis
The local user might have been assigned to user roles without your knowledge. For example, the local
user is automatically assigned a default user role when you create it.
Solution
Use the display local-user command to examine the local user accounts for undesirable user roles, and
delete them.
Establish a secure shell client connection
Switch to a user role
Enter the System View
Establish a telnet connection
Tracert function
62