H3C MSR Series Command Reference Manual page 78

Predefined user roles
network-admin
Parameters
acl acl-number: Specifies an authorization ACL. The value range for the acl-number argument is
2000 to 5999. After passing authentication, a local user can access the network resources specified
by this ACL.
callback-number callback-number: Specifies an authorized PPP callback number. The
callback-number argument is a case-sensitive string of 1 to 64 characters. After a local user passes
authentication, the device uses this number to call the user.
idle-cut minute: Sets an idle timeout period in minutes. The value range for the minute argument is 1
to 120. The device logs off an online user if the user's idle period exceeds the specified idle timeout
period.
ip ipv4-address: Assigns a static IPv4 address to a user after it passes authentication. This option is
available only in local user view.
ip-pool ipv4-pool-name: Specifies an IPv4 address pool. The ipv4-pool-name argument is a
case-insensitive string of 1 to 63 characters.
ipv6 ipv6-address: Assigns a static IPv6 address to a user after it passes authentication. This option
is available only in local user view.
ipv6-pool ipv6-pool-name: Specifies an IPv6 address pool. The ipv6-pool-name argument is a
case-insensitive string of 1 to 63 characters.
ipv6-prefix ipv6-prefix prefix-length: Specifies an IPv6 address prefix. The value range for the
prefix-length argument is 1 to 128.
primary-dns ip ipv4-address: Specifies the IPv4 address of the primary DNS server.
primary-dns ipv6 ipv6-address: Specifies the IPv6 address of the primary DNS server.
secondary-dns ip ipv4-address: Specifies the IPv4 address of the secondary DNS server.
secondary-dns ipv6 ipv6-address: Specifies the IPv6 address of the secondary DNS server.
session-timeout minutes: Specifies the session timeout timer, in minutes. The value range for the
minutes argument is 1 to 1440. The device logs off a user after the timer expires for the user.
sslvpn-policy-group group-name: Specifies an SSL VPN policy group. The group-name argument
is a case-insensitive string of 1 to 31 characters. For information about SSL VPN policy groups, see
"Configuring SSL VPN."
url url-string: Specifies the URL to which a user is redirected after it passes authentication. The
url-string argument is a case-sensitive string of 1 to 255 characters.
user-profile profile-name: Specifies an authorization user profile by its name. The profile-name
argument is a case-sensitive string of 1 to 31 characters. The name can contain only letters, digits,
and underscores (_). The user profile restricts the behavior of an authenticated user. For more
information, see Security Configuration Guide.
user-role role-name: Specifies an authorized user role. The role-name argument is a case-sensitive
string of 1 to 63 characters. Up to 64 user roles can be specified for a user. For user role-related
commands, see Fundamentals Command Reference for RBAC commands. This option is available
only in local user view, and is not available in user group view.
vlan vlan-id: Specifies an authorized VLAN. The value range for the vlan-id argument is 1 to 4094.
After passing authentication and being authorized a VLAN, a local user can access only the
resources in this VLAN.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance. The vpn-instance-name
argument is a case-sensitive string of 1 to 31 characters. After passing authentication, a user has
permission to access the network resources in the specified VPN.
55