User Role Assignment - HPE FlexFabric 5940 Series Configuration Manual

User role name
network-operator
level-n (n = 0 to 15)
security-audit

User role assignment

You assign access rights to a user by assigning a minimum of one user role. The user can use the
collection of items and resources accessible to all user roles assigned to the user. For example, you
can access any interface to use the qos apply policy command if you are assigned the following
user roles:
•
User role A denies access to the qos apply policy command and permits access only to
interface Ten-GigabitEthernet 1/0/1.
•
User role B permits access to the qos apply policy command and all interfaces.
Permissions
•
Accesses the display commands for features and resources in the
system. To display all accessible commands of the user role, use the
display role command.
•
Enables local authentication login users to change their own
passwords.
•
Accesses the command used for entering XML view.
•
Accesses all read-type XML elements.
•
Accesses all read-type MIB nodes.
•
level-0—Has access to diagnostic commands, including ping,
tracert, ssh2, telnet, and super. Level-0 access rights are
configurable.
•
level-1—Has access to the display commands of all features and
resources in the system except for display history-command all.
The level-1 user role also has all access rights of the level-0 user
role. Level-1 access rights are configurable.
•
level-2 to level-8, and level-10 to level-14—Have no access rights
by default. Access rights are configurable.
•
level-9—Has access to most of the features and resources in the
system. If you are logged in with a local user account that has a
level-9 user role, you can change the password in the local user
account. The following are the major features and commands that
the level-9 user role cannot access:
RBAC non-debugging commands.
Local users.
File management.
Device management.
The display history-command all command.
•
level-15—Has the same rights as network-admin.
Security log manager. The user role has the following access rights to
security log files:
•
Accesses the commands for displaying and maintaining security log
files (for example, the dir, display security-logfile summary, and
more commands).
•
Accesses the commands for managing security log files and security
log file system (for example, the info-center security-logfile
directory, mkdir, and security-logfile save commands).
For more information about security log management, see Network
Management and Monitoring Configuration Guide. For more information
about file system management, see "Managing the file system."
IMPORTANT:
Only the security-audit user role has access to security log files. You
cannot assign the security-audit user role to non-AAA authentication
users.
19