3Com S7902E Command Reference Manual - page 1996
1-5
command-privilege level
Syntax
command-privilege level level view view
command
undo command-privilege view view
command
View
System view
Default Level
3: Manage level
Parameters
level level
: Command level, in the range 0 to 3.
view view
: Specifies a view. The value
shell
of the argument
view
represents user view. The specified
view must be the view to which the command provided by the
command
argument belongs; for the
corresponding view, refer to the "View" section of the specified command.
command
: Command to be set in the specified view.
Description
Use the
command-privilege
command to assign a level for the specified command in the specified
view.
Use the
undo command-privilege view
command to restore the default.
By default, each command in a view has its specified level. For the details, refer to section “Configuring
User Privilege Levels and Command Levels” in the operation manual. Command level falls into four
levels: visit, monitor, system, and manage, which are identified by 0 through 3.
The administrator can assign a privilege level for a user according to his need. When the user logs on a
device, the commands available depend on the user’s privilege. For example, if a user’s privilege is 3
and the command privilege of VTY 0 user interface is 1, and the user logs on the system from VTY 0, he
can use all the commands with privilege smaller than three (inclusive).
Note that:
z
You are recommended to use the default command level or modify the command level under the
guidance of professional staff; otherwise, the change of command level may bring inconvenience
to your maintenance and operation, or even potential security problem.
z
When you configure the command-privilege command, the value of the command argument must
be a complete form of the specified command, that is, you must enter all needed keywords and
arguments of the command. The argument should be in the value range. For example, the default
level of the tftp server-address { get | put | sget } source-filename [ destination-filename ] [ source
{ interface interface-type interface-number | ip source-ip-address } ] command is 3; after the
command-privilege level 0 view shell tftp 1.1.1.1 put a.cfg command is executed, when users with
the user privilege level of 0 log in to the device, they can execute the tftp server-address put
source-filename command (such as the tftp 192.168.1.26 put syslog.txt command); users with the
user privilege level of 0 cannot execute the command with the get, sget or source keyword, and
cannot specify the destination-filename argument.