HP 6125G HP 6125G & 6125G/XG Blade Switches Security Command Reference - Page 33

This command takes effect only when local accounting is used for the user account. This limit is not effective for FTP users because accounting is not available for FTP users. Related commands: display local-user. Examples # Limit the maximum number of concurrent users of local user account abc to 5. system-view [Sysname] local-user abc [Sysname-luser-abc] access-limit 5 authorization-attribute (local user view/user group view) Syntax authorization-attribute { acl acl-number | idle-cut minute | level level | user-profile profile-name | user-role { guest | guest-manager | security-audit } | vlan vlan-id | work-directory directory-name } * View undo authorization-attribute { acl | idle-cut | level | user-profile | user-role | vlan | work-directory } * Local user view, user group view Default level 3: Manage level Parameters acl acl-number: Specifies the authorization ACL. The ACL number must be in the range of 2000 to 5999. After passing authentication, a local user is authorized to access the network resources specified by this ACL. idle-cut minute: Sets the idle timeout period. With the idle cut function enabled, an online user whose idle period exceeds the specified idle timeout period is logged out. The minute argument indicates the idle timeout period, in the range of 1 to 120 minutes. level level: Specifies the user level, which can be 0 for visit level, 1 for monitor level, 2 for system level, and 3 for manage level. A smaller number means a lower level. If the user interfaces' authentication mode is scheme, which commands users can use after login in depends on this argument. By default, the user level is 0, and users can use only commands of level 0 after login. user-profile profile-name: Specifies the authorization user profile. profile-name is a case-sensitive string of 1 to 32 characters. It can contain letters, digits, and underscores (_) and must start with a letter. After a user passes authentication and gets online, the switch uses the settings in the user profile to restrict the access behavior of the user. For more information about user profiles, see Security Configuration Guide. user-role: Specifies the role for the local user. This keyword is available in only local user view. Users playing different roles can access different levels of commands. If you specify no role for a local user, the access right of the user after login depends on other authorization attributes. Supported roles include: • guest: A guest user account is usually created through the Web interface. • guest-manager: After passing authentication, a guest manager can only use the Web interface to access guest-related pages to, for example, create, modify, or change guest user accounts. 24