Dell EMC SmartFabric OS10 User Guide Release 10.5.0

Configure privilege levels

1. Create privilege levels in CONFIGURATION mode.
   privilege mode priv-lvl privilege-level command-string
   • mode — Enter the privilege mode used to access CLI modes:
     • exec — Accesses EXEC mode.
     • configure — Accesses class-map, DHCP, logging, monitor, openflow, policy-map, QOS, support-assist, telemetry, CoS, Tmap, UFD, VLT, VN, VRF, WRED, and alias modes.
     • interface — Accesses Ethernet, fibre-channel, loopback, management, null, port-group, lag, breakout, range, port-channel, and VLAN modes.
     • route-map — Accesses route-map mode.
     • router — Accesses router-bgp and router-ospf modes.
     • line — Accesses line-vty mode.
   • priv-lvl privilege-level — Enter the number of a privilege level, from 2 to 14.
   • command-string — Enter the commands supported at the privilege level.
2. Create a user name, password, and role, and assign a privilege level in CONFIGURATION mode.
   username username password password role role priv-lvl privilege-level
   • username username — Enter a text string; 32 alphanumeric characters maximum; one character minimum.
   • password password — Enter a text string; 32 alphanumeric characters maximum, nine characters minimum.
   • role role — Enter a user role:
     • sysadmin — Full access to all commands in the system, exclusive access to commands that manipulate the file system, and access to the system shell. A system administrator can create user IDs and user roles.
     • secadmin — Full access to configuration commands that set security policy and system access, such as password strength, AAA authorization, and cryptographic keys. A security administrator can display security information, such as cryptographic keys, login statistics, and log information.
     • netadmin — Full access to configuration commands that manage traffic flowing through the switch, such as routes, interfaces, and ACLs. A network administrator cannot access configuration commands for security features or view security information.
     • netoperator — Access to EXEC mode to view the current configuration with limited access. A network operator cannot modify any configuration setting on a switch.
   • priv-lvl privilege-level—Enter a privilege level, from 0 to 15. If you do not specify the priv-lvl option, the system assigns privilege level 1 for the netoperator user and privilege level 15 for the sysadmin, secadmin, and netadmin users.

OS10(config)# privilege exec priv-lvl 12 "show version"
OS10(config)# privilege exec priv-lvl 12 "configure terminal"
OS10(config)# privilege configure priv-lvl 12 "interface ethernet"
OS10(config)# privilege interface priv-lvl 12 "ip address"
OS10(config)# username delluser password $6$Yij02Phe2n6whp7b$ladskj0HowijIlkajg981 role secadmin priv-lvl 12

OS10# show privilege
Current privilege level is 15.

OS10# show users

Index Line   User  Role     Application Idle Login-Time            Location         Privilege
----- ------ ----- -----   ----------- ---- -----------            --------         ---------
1     pts/0  admin sysadmin bash        >24h 2018-09-08 T06:51:37Z 10.14.1.91 [ssh] 15
2     pts/1  netad netadmin bash        >24h 2018-09-08 T06:54:33Z 10.14.1.91 [ssh] 10