Default Level
3: Manage level
Parameters
level level: Command level, which ranges from 0 to 3.
view view: Specifies a view. The value shell of the argument view represents user view.
The specified view must be the view to which the command provided by the
command argument belongs; for the corresponding view, refer to the “View” section
of the specified command.
command: Command to be set in the specified view.
Description
Use the command-privilege command to assign a level for the specified command in
the specified view.
Use the undo command-privilege view command to restore the default.
By default, each command in a view has its specified level. For more information, see
Basic System Configuration in the Fundamentals Configuration Guide. Command level
falls into four levels: visit, monitor, system, and manage, which are identified by 0
through 3. The administrator can assign a privilege level for a user according to his or
her need. When the user logs on a device, the commands available depend on the
user’s privilege. For example, if a user’s privilege is 3 and the command privilege of VTY
0 user interface is 1, and the user logs on the system from VTY 0, all the commands with
privilege smaller than three (inclusive) can be used.
Use the default command level or modify the command level under the guidance
of professional staff; otherwise, the change of command level may introduce
maintenance, operation, or security problems.
When you configure the command-privilege command, the value of the
command argument must be a complete form of the specified command. You
must enter all keywords and arguments needed for the command. The argument
should be in the value range. For example, the default level of the tftp server-
address { get | put | sget } source-filename [ destination-filename ] [ source {
interface interface-type interface-number | ip source-ip-address } ] command is 3.
After the command-privilege level 0 view shell tftp 1.1.1.1 put a.cfg command is
executed, when users with the user privilege level of 0 log in to the device, they
can execute the tftp server-address put source-filename command (such as the
tftp 192.168.1.26 put syslog.txt command). Users with the user privilege level of 0
cannot execute the command with the get, sget or source keyword and cannot
specify the destination-filename argument.