Tuesday, September 21, 2010

Privilege Levels


Privilege levels allow certain users to have access to certain exec commands. Allowing users to have access to certain commands, without giving them access to everything, is often useful: for example, you can allow some users to clear a line that is hung, without giving them the ability to trash the entire configuration.
To set up a privilege level, first create an enable password with a privilege level assigned to it:
enable secret level 10 ourpassword
This command assigns the password ourpassword to privilege level 10. Next, assign commands for this level with the privilege command:
privilege exec level 10 clear line
privilege exec level 10 show running
Now users can enter privilege level 10 by giving the following command, followed by the correct password when they are prompted:
Router>enable 10
After entering the password, a user can give the commands clear line and show running, but not other privileged-mode commands.
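
To review a setup like this on an existing router, the following added example (not part of the original post) parses a saved configuration, lists which commands have been moved to each custom level, and notes levels that have commands but no level-specific enable secret or that rely on enable password instead. The sample configuration, its placeholder hash, and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample config (not from the original post); the hash is a placeholder.
SAMPLE_CONFIG = """\
enable secret level 10 5 $1$CONSTRUCTED$placeholderhash
enable password level 7 cleartextexample
privilege exec level 10 clear line
privilege exec level 10 show running-config
privilege exec level 7 show ip route
privilege exec level 5 ping
"""

PRIV_RE = re.compile(r"^privilege\s+(\S+)\s+level\s+(\d+)\s+(.+)$")
ENABLE_RE = re.compile(r"^enable\s+(secret|password)\s+level\s+(\d+)\s+")

def audit_privilege_levels(config_text):
    """Map each custom level to its commands and how 'enable <level>' is protected."""
    levels = defaultdict(lambda: {"commands": [], "auth": None})
    for raw in config_text.splitlines():
        line = raw.strip()
        m = PRIV_RE.match(line)
        if m:
            mode, level, command = m.group(1), int(m.group(2)), m.group(3)
            levels[level]["commands"].append(f"{mode}: {command}")
            continue
        m = ENABLE_RE.match(line)
        if m:
            kind, level = m.group(1), int(m.group(2))
            # 'secret' wins over 'password' if both are configured for a level
            if levels[level]["auth"] != "secret":
                levels[level]["auth"] = kind
    return dict(levels)

def findings(levels):
    """Return review notes for levels whose setup deserves a second look."""
    notes = []
    for level in sorted(levels):
        info = levels[level]
        if info["commands"] and info["auth"] is None:
            notes.append(f"level {level}: commands assigned but no enable secret for this level")
        elif info["auth"] == "password":
            notes.append(f"level {level}: uses 'enable password'; prefer 'enable secret'")
    return notes

if __name__ == "__main__":
    print("\n".join(findings(audit_privilege_levels(SAMPLE_CONFIG))))
```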
