The right-manager user command helps privileged users obtain corresponding access permissions without authentication.
The undo right-manager user command withdraws the permission of a privilege user.
right-manager user user-name user-name ip ip-address roles { role-id role-id &<1-16> | role-name role-name &<1-16> }
undo right-manager user ip ip-address
| Parameter | Description | Value |
|---|---|---|
| user-name | Specifies the name for the privileged user. | It is a string of 1 to 32 characters long. |
| ip-address | Specifies the IP address of the privileged user. | - |
| role-id | Specifies the role ID of the privileged user. | It is an integer in the range from 1 to 900. |
| role-name | Specifies the role name of the privileged user. | It is a string with 1 or up to 32 characters long. |
Before running the right-manager user command, you need to configure the default ACL rule.
After this command is configured, you can add a privileged user (the user name does not exist yet) or modify the role of a user (the user name already exists).
Once the special access permission is withdrawn, the user needs to pass through the authentication for obtaining the desired access permission.
The mappings between IP address, role, and user are:
One role name maps one role ID
One role can map multiple users
One user can have multiple roles. You can specify at most 16 roles for a user
One IP address maps one user
IP addresses are not directly related to roles