Default groups and their privileges

The switch provides the following default groups with corresponding roles. Each of these roles comes with a set of privileges.

Group/Role Privileges
administrators

Administrators have full privileges, including:

  • Full CLI access.

  • Performing firmware upgrades.

  • Viewing switch configuration information, including sensitive information such as passwords which are displayed as ciphertext.

  • Performing switch configuration.

  • Adding/removing user accounts.

  • Configuring users accounts, including passwords. Once set, a password cannot be deleted or set to empty.
  • REST API: All methods (GET, PUT, POST, DELETE) and switch resources are available.

The privilege level for administrators is 15.

operators

Operators have no switch configuration privileges. Operators are restricted to:

  • Basic display-only CLI access.

  • Viewing of nonsensitive switch configuration information.

  • REST API: Other than the \login and \logout resources, only the GET method is available.

The privilege level for operators is 1.

auditors

Auditors are restricted to functions related to auditing only:

  • CLI: Access to commands in the auditor context (auditor>) only.

  • Web UI: Access to the System > Log page only.

  • REST API: POST method available for the \login and \logout resources. GET method available for the following resources only:

    • Audit log: /logs/audit

    • Event log: /logs/event

The privilege level for auditors is 19.