command-privilege

Syntax

command-privilege level level view view command

undo command-privilege view view command

View

System view

Default level

3: Manage level

Parameters

level level: Command level, which ranges from 0 to 3.

view view: Specifies a view.

command: Command to be set in the specified view.

Description

Use command-privilege to assign a level for a specific command in a view.

Use undo command-privilege to restore the default.

By default, each command in a view has a specified level.

Command levels include four privileges: visit (0), monitor (1), system (2), and manage (3). You can assign a privilege level according to the user's need. When logging in to the device, the user can access the assigned level and all levels below it.

Level changes can cause maintenance, operation, and security problems. Hewlett Packard Enterprise recommends using the default command level or modifying the command level under the guidance of professional staff.

The command specified for the command-privilege command must be complete and have valid parameters. For example, the default level of the tftp server-address { get | put | sget } source-filename [ destination-filename ] [ source { interface interface-type interface-number | ip source-ip-address } ] command is 3. To enable users with privilege level 0 to execute the tftp server-address put source-filename command (such as tftp 192.168.1.26 put syslog.txt) while preventing them from specifying the get, sget, source, or destination-filename option, configure the command-privilege level 0 view shell tftp 1.1.1.1 put a.cfg command.

The command specified for the undo command-privilege view command can be incomplete. For example, configuring the undo command-privilege view system ftp command restores all commands starting with ftp (such as ftp server acl, ftp server enable, and ftp timeout) to their default level. If you have modified the levels of the ftp server enable and ftp timeout commands and you want to restore only the ftp server enable command to its default level, use the undo command-privilege view system ftp server command.

If you change the level of a command in a specified view from its default level to a lower level, you must also change the levels of the quit command in that view and of the command used to enter the view. For example, the default command level of the interface and system-view commands is 2 (system level). To make the interface command available to level 1 users, execute the following commands: command-privilege level 1 view shell system-view, command-privilege level 1 view system interface ethernet1/0/1, and command-privilege level 1 view system quit. Level 1 users can then enter system view, execute the interface ethernet command, and return to user view.
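The rule above can be checked offline against a saved configuration. The following Python script is an added example, not part of the vendor documentation: it parses command-privilege lines and reports commands lowered in system view whose entry command (system-view) or quit command was not lowered with them. It assumes that only system view is modelled and that quit in system view defaults to level 2; the sample configurations are constructed.

```python
import re

# Assumption: only system view is modelled, using what the page states: it is
# entered with "system-view" from the shell (user) view, default level 2.
# Assumption: "quit" in system view also defaults to level 2.
VIEW_ENTRY = {"system": ("shell", "system-view", 2)}
QUIT_DEFAULT = 2
LINE = re.compile(
    r"^\s*command-privilege\s+level\s+(\d+)\s+view\s+(\S+)\s+(.+?)\s*$")

def parse(config_text):
    """Return {(view, command): level} for every command-privilege line."""
    overrides = {}
    for raw in config_text.splitlines():
        m = LINE.match(raw)  # "undo command-privilege ..." lines do not match
        if not m:
            continue
        level, view = int(m.group(1)), m.group(2)
        if not 0 <= level <= 3:
            raise ValueError(f"level out of range 0-3: {raw.strip()}")
        overrides[(view, " ".join(m.group(3).split()))] = level
    return overrides

def audit(config_text):
    """Flag lowered commands whose view cannot be entered or left."""
    overrides = parse(config_text)
    findings = []
    for (view, command), level in sorted(overrides.items()):
        if view not in VIEW_ENTRY or command == "quit":
            continue
        parent, entry_cmd, entry_default = VIEW_ENTRY[view]
        entry_level = overrides.get((parent, entry_cmd), entry_default)
        quit_level = overrides.get((view, "quit"), QUIT_DEFAULT)
        who = f"{view} view '{command}' at level {level}"
        if entry_level > level:
            findings.append(f"{who}: '{entry_cmd}' needs level {entry_level}")
        if quit_level > level:
            findings.append(f"{who}: 'quit' needs level {quit_level}")
    return findings

# Constructed sample configurations, not taken from a real device.
COMPLETE = """\
command-privilege level 1 view shell system-view
command-privilege level 1 view system interface ethernet1/0/1
command-privilege level 1 view system quit
"""
INCOMPLETE = "command-privilege level 0 view system interface\n"

if __name__ == "__main__":
    for name, cfg in (("complete", COMPLETE), ("incomplete", INCOMPLETE)):
        print(name, audit(cfg) or "consistent")
```
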

Examples

# Set the command level of the interface command to 0 in system view.

<Sysname> system-view
[Sysname] command-privilege level 0 view system interface