53
{ If the user passes remote authorization, the remote AAA server assigns the user roles specified
on the server. The AAA server can be a RADIUS or HWTACACS server.
• Non-AAA authorization—If the user uses password authentication or no authentication, the device
assigns user roles specified on the user line. This method also applies to SSH clients that use
publickey or password-publickey authentication. User roles assigned to these SSH clients are
specified in their respective local device management user accounts.
For more information about AAA and SSH, see Security Configuration Guide. For more information
about user line, see "Login overview" and "Logging in to the CLI."
FIPS compliance
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features,
commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about
FIPS mode, see Security Configuration Guide.
Configuration task list
Tasks at a glance
(Required.) Creating user roles
(Required.) Configuring user role rules
(Optional.) Configuring feature groups
(Optional.) Configuring resource access policies
(Optional.) Assigning user roles
(Optional.) Configuring temporary user role authorization
Creating user roles
In addition to the predefined user roles, you can create a maximum of 64 custom user roles for granular
access control.
To create a user role:
Ste
Command
Remarks
1. Enter system view.
system-view N/A
2. Create a user role and
enter user role view.
role name role-name
By default, the system has 19 predefined
user roles: network-admin,
network-operator, level-n (where n
equals an integer in the range 0 to 15),
and security-audit. Among these user
roles, only the permissions and
description of the user roles level-0 to
level-14 are configurable.
To Next Page
Loading...
Need help?
General
