set system aaa ldap command-level permit
The set system aaa ldap command-level permit command configures a command level and the CLI commands permitted at that level.
The delete system aaa ldap command-level permit command deletes the configuration.
Command Syntax
set system aaa ldap command-level <value> permit <command>
delete system aaa ldap command-level <value> permit <command>
Parameters
Parameter | Description |
command-level <value> | Specifies the command level for an LDAP user. The value is an integer that ranges from 1 to 14. |
permit <command> | Configures the CLI commands that users are permitted to run. NOTE: A one-word command can be left unquoted; a command of more than one word must be enclosed in double quotes. |
Usage Guidelines
In general, we recommend configuring the command level and the permit command together. The higher the command-level value, the higher the priority. After a command level is assigned to a group, users in a group with a higher level can run all commands below its command level. For example, if group1 is set to command-level 1 and group2 to command-level 2, LDAP users who belong to group2 can run any commands in group1.
NOTE:
Group users without a command-level can only run show and exit when they log in.
Example
Configure the group name and class for an LDAP user.
admin@PICOS# set system aaa ldap command-level 2 permit "set protocols"
admin@PICOS# set system aaa ldap command-level 2 permit "set vlans"
admin@PICOS# set system aaa ldap group bob-group command-level 2
admin@PICOS# commit
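For a least-privilege review, the inheritance rule in the Usage Guidelines can be applied offline to a saved list of set commands. The following Python script is an added example, not Pica8 code: it assumes a group's permits are those of its own level plus every lower level, it does not model how PICOS matches a typed command against a permit entry, and the sample input (including noc-group and the level-1 ping entry) is constructed.

```python
import shlex
from collections import defaultdict

# Constructed sample input in the syntax shown on this page; noc-group and
# the level-1 "ping" entry are made up for illustration.
SAMPLE_CONFIG = '''
set system aaa ldap command-level 1 permit ping
set system aaa ldap command-level 2 permit "set protocols"
set system aaa ldap command-level 2 permit "set vlans"
set system aaa ldap group bob-group command-level 2
set system aaa ldap group noc-group command-level 1
'''

BASELINE = ["show", "exit"]  # per the NOTE: all a group without a level can run
PREFIX = ["set", "system", "aaa", "ldap"]


def parse(config_text):
    """Return ({level: [commands]}, {group: level}) from 'set' lines."""
    permits, groups = defaultdict(list), {}
    for line in config_text.splitlines():
        tok = shlex.split(line)  # honours double-quoted multi-word commands
        if tok[:4] != PREFIX:
            continue
        rest = tok[4:]
        if len(rest) == 4 and rest[0] == "command-level" and rest[2] == "permit":
            level = int(rest[1])
            if not 1 <= level <= 14:  # documented range for command-level
                raise ValueError(f"command-level out of range: {line!r}")
            permits[level].append(rest[3])
        elif len(rest) == 4 and rest[0] == "group" and rest[2] == "command-level":
            groups[rest[1]] = int(rest[3])
    return permits, groups


def effective_permits(config_text, group):
    """Permit entries that apply to a group under the inheritance rule."""
    permits, groups = parse(config_text)
    if group not in groups:
        return list(BASELINE)  # no command-level assigned to this group
    own = groups[group]
    # Assumption: a level carries its own permits plus every lower level's.
    return [cmd for lvl in sorted(permits) if lvl <= own for cmd in permits[lvl]]


if __name__ == "__main__":
    for name in ("bob-group", "noc-group", "unlisted-group"):
        print(name, "->", effective_permits(SAMPLE_CONFIG, name))
```

Running the review before each commit shows which lower-level permits a group picks up when its command level is raised.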
Copyright © 2024 Pica8 Inc. All Rights Reserved.