user-role level-1-15权限分别有哪些区别?
- 0关注
- 0收藏,4351浏览
问题描述:
user-role level-1-15权限分别有哪些区别?
组网及组网描述:
- 2023-05-16提问
- 举报
-
(0)
最佳答案
level-n (n = 0~15) |
· level-0:可执行命令ping、tracert、ssh2、telnet和super,且管理员可以为其配置权限 · level-1:具有level-0用户角色的权限,并且可执行系统所有功能和资源的相关display命令(除display history-command all之外),以及管理员可以为其配置权限 · level-2~level-8和level-10~level-14:无缺省权限,需要管理员为其配置权限 · level-9:可操作系统中绝大多数的功能和所有的资源,且管理员可以为其配置权限,但不能操作display history-command all命令、RBAC的命令(Debug命令除外)、MDC、文件管理、设备管理以及本地用户特性。对于本地用户,若用户登录系统并被授予该角色,可以修改自己的密码 · level-15:在缺省MDC中,具有与network-admin角色相同的权限;在非缺省MDC中,具有与mdc-admin角色相同的权限 |
- 2023-05-16回答
- 评论(0)
- 举报
-
(0)
参考角色权限及支持命令说明:
Role: network-admin
Description: Predefined network admin role has access to all commands on the device
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Security zone policy: permit (default)
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
sys-1 permit command *
sys-2 permit RWX web-menu -
sys-3 permit RWX xml-element -
sys-4 deny command display security-logfile summary
sys-5 deny command system-view ; info-center securi
ty-logfile directory *
sys-6 deny command security-logfile save
sys-7 permit RW- oid 1
R:Read W:Write X:Execute
Role: network-operator
Description: Predefined network operator role has access to all read commands on the device
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Security zone policy: permit (default)
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
sys-1 permit command display *
sys-2 permit command xml
sys-3 deny command display history-command all
sys-4 deny command display exception *
sys-5 deny command display cpu-usage configuration
*
sys-6 deny command display kernel exception *
sys-7 deny command display kernel deadloop *
sys-8 deny command display kernel starvation *
sys-9 deny command display kernel reboot *
sys-10 deny command display memory trace *
sys-11 deny command display kernel memory *
sys-12 permit command system-view ; local-user *
sys-13 permit command system-view ; switchto mdc *
sys-14 permit R-- web-menu -
sys-15 permit R-- xml-element -
sys-16 deny command display security-logfile summary
sys-17 deny command system-view ; info-center securi
ty-logfile directory *
sys-18 deny command security-logfile save
sys-19 permit R-- oid 1
R:Read W:Write X:Execute
Role: mdc-admin
Description: Predefined MDC admin role has access to all commands within an MDC instance
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Security zone policy: permit (default)
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
sys-1 permit command *
sys-2 permit RWX web-menu -
sys-3 permit RWX xml-element -
sys-4 deny RWX feature mdc
sys-5 permit command display mdc *
sys-6 permit command switchback
sys-7 deny command display security-logfile summary
sys-8 deny command system-view ; info-center securi
ty-logfile directory *
sys-9 deny command security-logfile save
sys-10 permit RW- oid 1
R:Read W:Write X:Execute
Role: mdc-operator
Description: Predefined MDC operator role has access to all read commands within an MDC instance
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Security zone policy: permit (default)
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
sys-1 permit command display *
sys-2 permit command xml
sys-3 deny command display history-command all
sys-4 deny command display exception *
sys-5 deny command display cpu-usage configuration
sys-6 deny command display kernel exception *
sys-7 deny command display kernel deadloop *
sys-8 deny command display kernel starvation *
sys-9 deny command display kernel reboot *
sys-10 deny command display memory trace *
sys-11 deny command display kernel memory *
sys-12 permit command system-view ; local-user *
sys-13 permit command switchback
sys-14 permit R-- web-menu -
sys-15 permit R-- xml-element -
sys-16 deny command display security-logfile summary
sys-17 deny command system-view ; info-center securi
ty-logfile directory *
sys-18 deny command security-logfile save
sys-19 permit R-- oid 1
R:Read W:Write X:Execute
Role: context-admin
Description: Predefined Context admin role has access to all commands within a Context
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Security zone policy: permit (default)
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
sys-1 permit command *
sys-2 permit RWX web-menu -
sys-3 permit RWX xml-element -
sys-4 deny RWX feature context
sys-5 permit R-- command display context *
sys-5 deny command display security-logfile summary
sys-6 deny command system-view ; info-center securi
ty-logfile directory *
sys-7 deny command security-logfile save
sys-8 permit RW- oid 1
R:Read W:Write X:Execute
Role: context-operator
Description: Predefined Context operator role has access to all read commands within a Context
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Security zone policy: permit (default)
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
sys-1 permit command display *
sys-2 permit command xml
sys-3 deny command display history-command all
sys-4 permit command system-view ; local-user *
sys-5 permit R-- web-menu -
sys-6 permit R-- xml-element -
sys-7 deny command display security-logfile summary
sys-8 deny command system-view ; info-center securi
ty-logfile directory *
sys-9 deny command security-logfile save
sys-10 permit R-- oid 1
R:Read W:Write X:Execute
Role: level-0
Description: Predefined level-0 role
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Security zone policy: permit (default)
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
sys-1 permit command tracert *
sys-2 permit command telnet *
sys-3 permit command ping *
sys-4 permit command ssh2 *
sys-5 permit command super *
R:Read W:Write X:Execute
Role: level-1
Description: Predefined level-1 role
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Security zone policy: permit (default)
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
sys-1 permit command tracert *
sys-2 permit command telnet *
sys-3 permit command ping *
sys-4 permit command ssh2 *
sys-5 permit command display *
sys-6 permit command super *
sys-7 deny command display history-command all
R:Read W:Write X:Execute
Role: level-2
Description: Predefined level-2 role
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Security zone policy: permit (default)
Role: level-3
Description: Predefined level-3 role
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Security zone policy: permit (default)
Role: level-4
Description: Predefined level-4 role
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Security zone policy: permit (default)
Role: level-5
Description: Predefined level-5 role
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Security zone policy: permit (default)
Role: level-6
Description: Predefined level-6 role
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Security zone policy: permit (default)
Role: level-7
Description: Predefined level-7 role
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Security zone policy: permit (default)
Role: level-8
Description: Predefined level-8 role
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Security zone policy: permit (default)
Role: level-9
Description: Predefined leve-9 role
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Security zone policy: permit (default)
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
sys-1 permit RWX feature -
sys-2 deny RWX feature device
sys-3 deny RWX feature filesystem
sys-4 permit command display *
sys-5 deny command display history-command all
R:Read W:Write X:Execute
Role: level-10
Description: Predefined level-10 role
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Security zone policy: permit (default)
Role: level-11
Description: Predefined level-11 role
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Security zone policy: permit (default)
Role: level-12
Description: Predefined level-12 role
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Security zone policy: permit (default)
Role: level-13
Description: Predefined level-13 role
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Security zone policy: permit (default)
Role: level-14
Description: Predefined level-14 role
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Security zone policy: permit (default)
Role: level-15
Description: Predefined level-15 role
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Security zone policy: permit (default)
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
sys-1 permit command *
sys-2 permit RWX web-menu -
sys-3 permit RWX xml-element -
sys-4 deny command display security-logfile summary
sys-5 deny command system-view ; info-center securi
ty-logfile directory *
sys-6 deny command security-logfile save
sys-7 permit RW- oid 1
R:Read W:Write X:Execute
Role: 123
Description: new role
VLAN policy: deny
Permitted VLANs: 1 to 5, 7 to 8
Interface policy: deny
Permitted interfaces: GigabitEthernet1/0/1 to GigabitEthernet1/0/2, Vlan-interface1 to Vlan-interface20
VPN instance policy: deny
Permitted VPN instances: vpn, vpn1, vpn2
Security zone policy: permit (default)
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
1 permit RWX feature-group abc
2 deny -W- feature ldap
3 permit command system ; radius sc *
4 permit R-- xml-element -
5 permit RW- oid 1.2.1
R:Read W:Write X:Execute
Role: security-audit
Description: Predefined security audit role only has access to commands for th
e security log administrator
VLAN policy: permit (default)
Interface policy: permit (default)
VPN instance policy: permit (default)
Security zone policy: permit (default)
-------------------------------------------------------------------
Rule Perm Type Scope Entity
-------------------------------------------------------------------
sys-1 deny command *
sys-2 permit command display security-logfile summary
sys-3 permit command system-view ; info-center securi
ty-logfile directory *
sys-4 permit command security-logfile save
sys-5 permit command cd *
sys-6 permit command copy *
sys-7 permit command delete *
sys-8 permit command dir *
sys-9 permit command mkdir *
sys-10 permit command more *
sys-11 permit command move *
sys-12 permit command rmdir *
sys-13 permit command pwd
sys-14 permit command rename *
sys-15 permit command undelete *
sys-16 permit command ftp *
sys-17 permit command sftp *
sys-18 permit command virtual-ftp-append
sys-19 permit command virtual-ftp-ascii
sys-20 permit command virtual-ftp-binary
sys-21 permit command virtual-ftp-bye
sys-22 permit command virtual-ftp-cd
sys-23 permit command virtual-ftp-cdup
sys-24 permit command virtual-ftp-close
sys-25 permit command virtual-ftp-delete
sys-26 permit command virtual-ftp-debug
sys-27 permit command virtual-ftp-dir
sys-28 permit command virtual-ftp-disconnect
sys-29 permit command virtual-ftp-get
sys-30 permit command virtual-ftp-help
sys-31 permit command virtual-ftp-lcd
sys-32 permit command virtual-ftp-ls
sys-33 permit command virtual-ftp-mkdir
sys-34 permit command virtual-ftp-newer
sys-35 permit command virtual-ftp-open
sys-36 permit command virtual-ftp-passive
sys-37 permit command virtual-ftp-put
sys-38 permit command virtual-ftp-pwd
sys-39 permit command virtual-ftp-quit
sys-40 permit command virtual-ftp-reget
sys-41 permit command virtual-ftp-rstatus
sys-42 permit command virtual-ftp-rhelp
sys-43 permit command virtual-ftp-rename
sys-44 permit command virtual-ftp-reset
sys-45 permit command virtual-ftp-restart
sys-46 permit command virtual-ftp-rmdir
sys-47 permit command virtual-ftp-status
sys-48 permit command virtual-ftp-system
sys-49 permit command virtual-ftp-user
sys-50 permit command virtual-ftp-verbose
sys-51 permit command virtual-ftp-remove
sys-52 permit command virtual-ftp-exit
R:Read W:Write X:Execute
- 2023-05-16回答
- 评论(0)
- 举报
-
(0)
暂无评论
H3C V7平台新增用户角色功能,相当于windows系统的用户组,每个用户组的权限不一样,H3C v7平台了为了方便权限管理等设置了此功能(官方说法为RBAC功能)。无论是默认账号还是新增账号都需要关联管理权限,当然默认账号都是默认设置好了权限的。
以上角色我们还可以新建等自定义一些权限,功能那是相当丰富,各种权限都可以随意玩,重庆网管博客后面的文章会专门讲解自定义角色,敬请大家关注。当然自定义角色一般场景是用不着的,默认的角色就够用了。
好了,说下默认角色的权限级别如下:
network-admin:具有最高权限,可操作系统所有功能和资源(除安全日志文件管理相关命令外),配置此权限默认会给network-operator权限。
network-operator:可执行系统所有功能和资源的相关display命令(除安全日志等查看命令外,具体大家可以自行查看)。
Level-n(0-15):数值越大,权限越大。level-15相当于network-admin权限。
security-audit:安全日志管理员权限,仅具有安全日志的读、写、执行权限。
- 2023-05-16回答
- 评论(0)
- 举报
-
(0)
暂无评论
编辑答案
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
- 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
- 3. 是哪家企业?(营业执照,单位登记证明等证件)
- 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
抄袭了我的内容
×
原文链接或出处
诽谤我
×
- 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
对根叔社区有害的内容
×
不规范转载
×
举报说明
暂无评论