3com S7906E Guida Di Riferimento
1-5
command-privilege level
Syntax
command-privilege level level view view command
undo command-privilege view view command
View
System view
Default Level
3: Manage level
Parameters
level level: Command level, in the range 0 to 3.
view view: Specifies a view. The value shell of the argument view represents user view. The specified
view must be the view to which the command provided by the command argument belongs; for the
corresponding view, refer to the "View" section of the specified command.
command: Command to be set in the specified view.
Description
Use the command-privilege command to assign a level for the specified command in the specified
view.
Use the undo command-privilege view command to restore the default.
By default, each command in a view has its specified level. For the details, refer to section “Configuring
User Privilege Levels and Command Levels” in the operation manual. Command level falls into four
levels: visit, monitor, system, and manage, which are identified by 0 through 3.
The administrator can assign a privilege level for a user according to his need. When the user logs on a
device, the commands available depend on the user’s privilege. For example, if a user’s privilege is 3
and the command privilege of VTY 0 user interface is 1, and the user logs on the system from VTY 0, he
can use all the commands with privilege smaller than three (inclusive).
Note that:
z
You are recommended to use the default command level or modify the command level under the
guidance of professional staff; otherwise, the change of command level may bring inconvenience
to your maintenance and operation, or even potential security problem.
z
When you configure the command-privilege command, the value of the command argument must
be a complete form of the specified command, that is, you must enter all needed keywords and
arguments of the command. The argument should be in the value range. For example, the default
level of the tftp server-address { get | put | sget } source-filename [ destination-filename ] [ source
{ interface interface-type interface-number | ip source-ip-address } ] command is 3; after the
command-privilege level 0 view shell tftp 1.1.1.1 put a.cfg command is executed, when users with
the user privilege level of 0 log in to the device, they can execute the tftp server-address put
source-filename command (such as the tftp 192.168.1.26 put syslog.txt command); users with the
user privilege level of 0 cannot execute the command with the get, sget or source keyword, and
cannot specify the destination-filename argument.