Dell PowerSwitch S4128F-ON OS10 Enterprise Edition User Guide Release 10.4.3.0 - Page 797
Privilege levels overview, Con privilege levels for users
![]() |
View all Dell PowerSwitch S4128F-ON manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 797 highlights
To disable login statistics, use the no login-statistics enable command. Privilege levels overview Providing terminal access control to a switch is one method of securing the device and network. To increase security, you can allow users to access a subset of commands using privilege levels. With OS10, you can configure privilege levels, add commands to them, and restrict access to the terminal line with passwords. The system supports 16 privilege levels. The following lists the privilege levels: • Level 0-Provides users the least privilege, restricting access to basic commands. • Level 1-Provides access to a set of show commands and certain operations such as ping, traceroute, and so on. • Level 15-Provides access to all available commands for a particular user role. • Levels 0, 1, and 15-System configured privilege levels with a predefined command set. • Levels 2 to 14-Not configured. You can customize these levels for different users and access rights. Privilege levels inherit all permitted commands from all lower levels. For example, a user logged in with a particular privilege level has access to commands assigned for that privilege level and lower privilege levels as permitted by the user role. You cannot configure a privilege level lower than 2 for users assigned to the sysadmin, netadmin, and secadmin roles. You can configure users assigned to the netoperator role with privilege levels 0 or 1. After you assign commands to privilege levels, you can assign the privilege to users with the username command. Users can access those commands by switching to that privilege level using the enable command. Users can use the enable privilege-level command to switch between privilege levels. The disable command takes the user to a lower level. When a remote user logs in, OS10 checks for a match in the local system. If there is a local user as the remote user, the privilege level of the local user is applied to the remote user for the login session. If there is no match in the local system, depending on the role of the remote user, OS10 assigns default privilege levels. For sysadmin, secadmin, and netadmin roles, OS10 assigns level 15 and for the netoperator role, OS10 assigns level 1. NOTE: The role of a local user and the corresponding remote user should be the same at both remote and local ends. Configure privilege levels for users To restrict CLI access for users, create the required privilege levels, assign commands, and then assign privilege levels to users. 1 Configure privilege levels. CONFIGURATION privilege mode priv-lvl privilege-level command-string • mode-Enter the privilege mode where you are configuring the specific command. The following table lists the available privilege modes and their corresponding command modes: Privilege mode CLI mode Exec exec configure class-map, DHCP, logging, monitor, openflow, policy-map, QOS, support-assist, telemetry, CoS, Tmap, UFD, VLT, VN, VRF, WRED, or alias interface Ethernet, FC, Loopback, mgmt, null, port-group, lag, breakout, range, port-channel, VLAN route-map route-map Security 797
![](/manual_guide/products/dell-powerswitch-s3048on-os10-enterprise-edition-user-guide-release-10430-cc9d5f5/797.png)