command-privilege level
Function
The command-privilege level command sets the command level of a specified view.
The undo command-privilege view command removes the configured command level.
By default, the ping, tracert, and telnet commands are of the visit level (0). The display command is the monitoring level (1). Most configuration commands are of the configuration level (2). After promotion, the command level is 10. The command to configure the user key, debugging commands, FTP commands, XModem commands, and file system operation commands are of the management level (3). After promotion, the command level is 10.
Format
command-privilege level level view view-name command-key
undo command-privilege [ level level ] view view-name command-key
Parameters
| Parameter | Description | Value |
|---|---|---|
| level level | Specifies the precedence of a command. | The value ranges from 0 to 15. |
| view view-name | Specifies the view name. | You can select a view name from the view list provided on the web UI. |
| command-key | Specifies the command to be configured. | The value is a string of characters. |
Usage Guidelines
Command privileges are divided into four levels, that is, visit, monitoring, configuration, and management, identified as 0 to 3 respectively. By default, ping, tracert, and telnet commands are in the visit level (0). The display command is in the monitoring level (1). Most configuration commands are in the configuration level (2). The commands for user key settings, FTP, XModem, TFTP, and file system operations are in the management level (3). A user can run the commands of which the levels are equal to or lower than the user level.
The original command-level classification is of coarse granularity. To implement refined management of user privileges, you can run the command-privilege level rearrange command to reset the level of a specified command. After the command-privilege level rearrange command is run, the level of a command is increased, for example, from the level 2 to level 10, and from the level 3 to level 15.
Changing the level of a command will affect the use of the command by other users. Therefore, change the command level only when necessary.
Example
<sysname> system-view [sysname] command-privilege level 3 view shell display history-command
# Reduce the privilege of the interface GigabitEthernet 0/0/1 command to level 0.
<sysname> system-view
[sysname] command-privilege level 0 view system interface GigabitEthernet 0/0/1