最佳答案
配置三权分立,命令参考如下。
配置账户角色
#
role name level-3
description Predefined level-3 role
rule 1 permit read write web-menu m_device/m_maintenance/m_changepassword
#
role name admin
description 系统管理
rule 1 permit read write execute feature
rule 2 permit read write execute web-menu
rule 3 deny read write execute web-menu m_monitor/
rule 4 deny read write execute web-menu m_resource/
rule 5 deny read write execute web-menu m_user/
rule 6 deny read write execute web-menu m_firewall/
rule 7 deny read write execute web-menu m_appsecurity/
rule 8 deny read write execute web-menu m_nat/
rule 9 deny read write execute web-menu m_vpn/
rule 10 deny read write execute web-menu m_loadbalance/
rule 11 deny read write execute web-menu m_network/
rule 12 deny read write execute web-menu m_secmonitor/
#
role name security-secret
description 安全保密管理
rule 1 permit read write execute feature
rule 2 permit read write execute web-menu
rule 3 deny read write execute web-menu m_dashboard/
rule 4 deny read write execute web-menu m_device/
rule 5 deny read write execute web-menu m_user/
rule 6 deny read write execute web-menu m_secmonitor/
#
配置三权账户
#
local-user admin class manage
service-type ftp
service-type telnet terminal https
authorization-attribute work-directory slot1#flash:
authorization-attribute user-role admin
password-control aging 7
password-control length 8
password-control composition type-number 3 type-length 1
password-control login-attempt 5 exceed lock-time 10
#
local-user audit class manage
service-type telnet terminal https
authorization-attribute user-role security-audit
password-control aging 7
password-control length 8
password-control composition type-number 3 type-length 1
password-control login-attempt 5 exceed lock-time 10
#
local-user secret class manage
service-type telnet terminal https
authorization-attribute work-directory slot1#flash:
authorization-attribute user-role level-3
authorization-attribute user-role security-secret
password-control aging 7
password-control length 8
password-control composition type-number 3 type-length 1
password-control login-attempt 5 exceed lock-time 10
#
(0)
暂无评论
参考
https://www.h3c.com/cn/d_202203/1570289_30005_0.htm
51-管理员三权分立(F1000-C8102)
(0)
暂无评论
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
抄袭了我的内容
×
原文链接或出处
诽谤我
×
对根叔社区有害的内容
×
不规范转载
×
举报说明
暂无评论