3 配置步骤

3.1  新建低权限账号

#配置管理地址和开启telnet配置略

#新建用户test,用给用户0级权限，0级权限可执行命令ping、quit、ssh2、super、system-view、telnet和tracert，取消用户network-operator权限（可选）

<H3C> system-view

[H3C]local-user test

[H3C]password simple test

[H3C-luser-manage-test]service-type telnet

[H3C-luser-manage-test]authorization-attribute  user-role level-0

[H3C-luser-manage-test]undo authorization-attribute user-role network-operator

[H3C-luser-manage-test]quit

3.2  配置Super切换密码

# 设置超级密码为123456

[H3C]super password simple 123456   //配置超级密码123456

3.3  保存配置

Save force

3.4  实验结果验证

#使用test账号登录，可以输入display但无新建vlan 曲线，新建地址等其他权限

login: test

Password:

<H3C>sys

[H3C]dis version

H3C Comware Software, Version 7.1.070, Release 1309P02

Copyright (c) 2004-2018 New H3C Technologies Co., Ltd. All rights reserved.

H3C S5560-30S-EI uptime is 0 weeks, 4 days, 23 hours, 16 minutes

Last reboot reason : Cold reboot

  [H3C]vlan 2

Permission denied.

[H3C]int vlan 1

Permission denied.

#用户试图下输入super命令，切换到管理员权限

<H3C>super

Password:

User privilege role is network-admin, and only those commands that authorized to the role can be used.

<H3C>sys

System View: return to User View with Ctrl+Z.

[H3C]vlan 2

3.5  注意事项                                                                                  

1、  level-0和level有输入super命令的权限， level-2～level-8和level-10～level-14：无缺省权限，需要管理员为其配置权限，具体用户权限介绍请查看官网手册，手册连接http://www.h3c.com/cn/d_201908/1222648_30005_0.htm

2、 缺省情况下，用户角色切换的缺省目的角色为network-admin ，无需配置super default role network-admin