Assigning User Roles; Enabling The Default User Role Function; Assigning User Roles To Remote AAA Authentication Users - HP 10500 Series Configuration Manual


Assigning user roles

To control user access to the system, you must assign at least one user role. Make sure at least one user role among the user roles assigned by the server exists on the device. User role assignment procedure varies with remote AAA authentication users, local AAA authentication users, and non-AAA authentication users (see "Assigning user roles"). For more information about AAA authentication, see Security Configuration Guide.

Enabling the default user role function

An AAA authentication user must have at least one user role to log in to the device. The default user role function assigns the network-operator or mdc-operator user role to a local or remote AAA authenticated user if the AAA server has not authorized the user to use any user roles. Without the function, AAA authenticated users cannot access the system if they have no user role authorization.
You can configure the default user role function to enable an AAA authenticated user that has not been assigned any user role to log in with a default user role.
For login to the default MDC, the default user role is network-operator.
For login to a non-default MDC, the default user role is mdc-operator.
To enable the default user role function for AAA authentication users:

| Step | Command | Remarks |
|------|---------|---------|
| 1. Enter system view. | system-view | N/A |
| 2. Enable the default user role function. | role default-role enable | The default user role function is disabled. If the none authorization method is used for local users, you must enable the default user role function. |

Assigning user roles to remote AAA authentication users

For remote AAA authentication users, user roles are configured on the remote authentication server. For information about configuring user roles for RADIUS users, see the RADIUS server documentation. For HWTACACS users, the role configuration must use the roles="role-1 role-2 ... role-n" format, where user roles are space separated. For example, configure roles="level-0 level-1 level-2" to assign level-0, level-1, and level-2 to an HWTACACS user.
If the AAA server assigns the security-audit user role and other user roles to the same user, only the security-audit user role takes effect.
NOTE:
To be compatible with privilege-based access control, the device automatically converts privilege-based user levels (0 to 15) assigned by an AAA server to RBAC user roles (level-0 to level-15).
If the AAA server assigns a privilege-based user level and a user role to a user, the user can use the collection of commands and resources accessible to both the user level and the user role.
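The role rules described on this page (HWTACACS roles="..." parsing, privilege level conversion, security-audit precedence, and the default user role fallback) can be modeled to audit what a given server-side authorization results in at login. This is an added Python sketch, not HP code or part of the manual; the function names and sample users are constructed, and treating a converted privilege level as one of the "other user roles" overridden by security-audit is an assumption.

```python
import re

# HWTACACS attribute format from the section: roles="role-1 role-2 ... role-n"
ROLES_ATTR = re.compile(r'roles="([^"]*)"')

def parse_hwtacacs_roles(attr):
    """Split a roles="..." attribute into role names (space separated)."""
    match = ROLES_ATTR.fullmatch(attr.strip())
    if match is None:
        raise ValueError(f'not in roles="..." format: {attr!r}')
    return match.group(1).split()

def effective_roles(roles=(), privilege_level=None,
                    default_role_enabled=False, default_mdc=True):
    """Return the roles in effect at login; an empty list means login is refused."""
    assigned = list(dict.fromkeys(roles))          # drop duplicates, keep order
    if privilege_level is not None:
        if not 0 <= privilege_level <= 15:
            raise ValueError("privilege level must be 0 to 15")
        converted = f"level-{privilege_level}"     # level N becomes role level-N
        if converted not in assigned:
            assigned.append(converted)
    if "security-audit" in assigned:
        # Assumption: a converted level counts among the "other user roles".
        return ["security-audit"]
    if assigned:
        return assigned                            # union of level and roles
    if default_role_enabled:
        return ["network-operator" if default_mdc else "mdc-operator"]
    return []

# Constructed sample of server-side authorizations, for illustration only.
SAMPLE_USERS = {
    "alice": {"roles": parse_hwtacacs_roles('roles="level-0 level-1 level-2"')},
    "bob": {"roles": ["level-1", "security-audit"]},
    "carol": {"roles": ["network-operator"], "privilege_level": 3},
    "dave": {},                                    # server authorized no role
}

if __name__ == "__main__":
    for name, authz in SAMPLE_USERS.items():
        for enabled in (False, True):
            result = effective_roles(default_role_enabled=enabled, **authz)
            print(f"{name:6} default-role={enabled!s:5} -> {result or 'login refused'}")
```

Users such as "dave" are the ones to review before enabling role default-role enable, since the setting turns a refused login into network-operator or mdc-operator access.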
