HP 6125XLG R2306-HP 6125XLG Blade Switch Fundamentals Configuration Guide - Page 56
Assigning user roles to remote AAA authentication users
View all HP 6125XLG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 56 highlights
Step 1. Enter system view. Command system-view 2. Enable the default user role function. role default-role enable Remarks N/A The default user role function is disabled. If the none authorization method is used for local users, you must enable the default user role function. Assigning user roles to remote AAA authentication users For remote AAA authentication users, user roles are configured on the remote authentication server. For information about configuring user roles for RADIUS users, see the RADIUS server documentation. For HWTACACS users, the role configuration must use the roles="role-1 role-2 ... role-n" format, where user roles are space separated. For example, configure roles="level-0 level-1 level-2" to assign level-0, level-1, and level-2 to an HWTACACS user. If the AAA server assigns the security-audit user role and other user roles to the same user, only the security-audit user role takes effect. NOTE: • To be compatible with privilege-based access control, the device automatically converts privilege-based user levels (0 to 15) assigned by an AAA server to RBAC user roles (level-0 to level-15). • If the AAA server assigns a privilege-based user level and a user role to a user, the user can use the collection of commands and resources accessible to both the user level and the user role. Assigning user roles to local AAA authentication users Configure user roles for local AAA authentication users in their local user accounts. Every local user has a default user role. If this default user role is not suitable, delete it. If the device has local users authorized the security-audit user role, you cannot delete the last local user who has that user role. The security-audit user role is mutually exclusive with other user roles. • When you assign the security-audit user role to a local user, the system asks for your confirmation to delete all the other user roles of the local user first. • When you assign the other user roles to a local user who has been assigned the security-audit user role, the system asks for your confirmation to delete the security-audit user role for the local user first. To assign a user role to a local user: Step 1. Enter system view. 2. Create a local user and enter local user view. Command system-view local-user user-name class { manage | network } Remarks N/A N/A 49