Cisco ASR 9000 Series Aggregation Services Router Getting Started Guide
OL-28417-02
Chapter Configuring General Router Features
For example, the following prompt indicates that the CLI commands are executed on the RP in rack 0,
slot , by the “CPU0” module on a router named “router”:
RP/0//CPU0:router#
User Access Privileges
When you log in to the router, your username and password are used to determine if you are authorized
to access the router. After you successfully log in, your username is used to determine which commands
you are allowed to use. The following sections provide information on how the router determines which
commands you can use:
• User Groups, Task Groups, and Task IDs, page 53
• Predefined User Groups, page 54
• Displaying the User Groups and Task IDs for Your User Account, page 55
User Groups, Task Groups, and Task IDs
The Cisco IOS XR software ensures security by combining the tasks a user wants to perform (task IDs) into
groups, which define the router configuration and management functions that users can perform. This policy
is enabled by the definition of:
• User groups—Collection of users that share similar authorization rights on a router.
• Task groups—Collections of tasks, identified by unique task IDs, defined for each class of action.
• Task IDs—Permissions to perform particular tasks; task IDs are pooled into a task group that is then
assigned to users.
The commands you can perform are defined by the user groups to which you belong. Within the Cisco
IOS XR software, the commands for a particular feature, like access control lists, are assigned to tasks.
Each task is uniquely identified by a task ID. To use a particular command, your username must be
associated with the appropriate task ID.
The association between a username and a task ID takes place through two intermediate entities, the user
group and task group.
The user group is a logical container used to assign the same task IDs to multiple users. Instead of
assigning task IDs to each user, you can assign them to the user group. Then, you can assign users to that
user group. When a task is assigned to a user group, you can define the access rights for the commands
associated with that task. These rights include “read”, “write”, “execute”, and “notify”.
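The chain from username to user group to task group to task ID described above, as an added example that is not code from the Cisco guide: Python that parses a constructed configuration excerpt written in IOS XR `taskgroup` / `usergroup` / `username` stanza style and resolves each user's effective rights per task ID. It assumes rights accumulate across all of a user's groups; the group names and usernames are constructed, and `inherit` statements are not handled.

```python
from collections import defaultdict
# Constructed sample in IOS XR config style ("!" separators omitted); not from the guide.
SAMPLE_CONFIG = """\
taskgroup acl-read
 task read acl
taskgroup acl-admin
 task read acl
 task write acl
usergroup noc
 taskgroup acl-read
usergroup neteng
 taskgroup acl-admin
username alice
 group noc
username bob
 group noc
 group neteng
"""

def parse(config):
    """Return (task_groups, user_groups, users) built from the config stanzas."""
    task_groups = defaultdict(set)   # task group name -> {(task ID, right)}
    user_groups = defaultdict(set)   # user group name -> {task group name}
    users = defaultdict(set)         # username -> {user group name}
    section = name = None
    for raw in config.splitlines():
        words = raw.split()
        if not raw.startswith(" "):  # an unindented line opens a new stanza
            section, name = (words + [None, None])[:2]
        elif section == "taskgroup" and words[:1] == ["task"] and len(words) == 3:
            task_groups[name].add((words[2], words[1]))
        elif section == "usergroup" and words[:1] == ["taskgroup"] and len(words) == 2:
            user_groups[name].add(words[1])
        elif section == "username" and words[:1] == ["group"] and len(words) == 2:
            users[name].add(words[1])
    return task_groups, user_groups, users

def effective_rights(config, username):
    """Walk username -> user group -> task group -> task ID and union the rights."""
    task_groups, user_groups, users = parse(config)
    rights = defaultdict(set)
    for user_group in users.get(username, ()):
        for task_group in user_groups.get(user_group, ()):
            for task_id, right in task_groups.get(task_group, ()):
                rights[task_id].add(right)
    return dict(rights)

# True only if some group the user belongs to grants this right on this task ID.
def is_allowed(config, username, task_id, right):
    return right in effective_rights(config, username).get(task_id, set())
```

Running it over an exported configuration gives a per-user view of which task IDs carry write or execute rights, which is the starting point for a least-privilege review of group membership.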
Table 2 CLI Prompt Description (continued)

Prompt Syntax Components   Description
module                     Entity on a card that executes user commands or communicates with
                           a port (interface). For executing commands from the EXEC prompt,
                           the module is the “CPU0” of the RP. “CPU0” also controls the
                           forwarding and operating system (OS) functions for the system.
router-name                Hostname of the router. The hostname is usually defined during
                           initial configuration of the router, as described in the “Configuring
                           the SDRRSP Hostname” section on page 85.