set system aaa ldap command-level permit

The set system aaa ldap command-level permit command configures a command level and the CLI commands permitted at that level.

The delete system aaa ldap command-level permit command deletes the configuration.

 

Command Syntax

set system aaa ldap command-level <value> permit <command>

delete system aaa ldap command-level <value> permit <command>

 

Parameters

Parameter

Description

command-level <value>

Specifies the command level for an LDAP user. The value is an integer that ranges from 1 to 14.

permit <command>

Specifies the CLI commands that users are permitted to run.

NOTE:

If the command is a single word, you can leave it unquoted. If it is more than one word, you must enclose it in double quotes.

 

Usage Guidelines

In general, we recommend that users configure the command level and the permit command together. The higher the value of the command level, the higher the priority. After a command level is configured for a group, the users of a group with a high level can run all commands below its command level. For example, if group1 is set to command-level 1 and group2 to command-level 2, LDAP users who belong to group2 can run any commands in group1.

NOTE:

Group users without a command level can run only show and exit when they log in.

 

Example

  • Configure the group name and class for an LDAP user.

admin@PICOS# set system aaa ldap command-level 2 permit "set protocols"
admin@PICOS# set system aaa ldap command-level 2 permit "set vlans"
admin@PICOS# set system aaa ldap group bob-group command-level 2
admin@PICOS# commit
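
The following Python sketch is an added example, not part of the PICOS documentation or software. It renders permit lines using the quoting rule from the NOTE under Parameters and lists which commands each group level ends up with under the inheritance rule in Usage Guidelines, so that a change can be reviewed before commit. The plan contents are constructed, and counting a group's own level in its effective set is an assumption.

```python
# Added example: models the rules stated on this page; it is not PICOS code.
MIN_LEVEL, MAX_LEVEL = 1, 14  # range given in the Parameters section


def check_level(level):
    """Reject anything that is not an integer from 1 to 14."""
    if isinstance(level, bool) or not isinstance(level, int):
        raise ValueError(f"command-level must be an integer: {level!r}")
    if not MIN_LEVEL <= level <= MAX_LEVEL:
        raise ValueError(f"command-level out of range 1-14: {level!r}")
    return level


def render_permit(level, command):
    """Build one 'set system aaa ldap command-level <n> permit <cmd>' line."""
    check_level(level)
    words = command.split()
    if not words or '"' in command:
        raise ValueError(f"unsupported permit command: {command!r}")
    # One word may stay unquoted; more than one word goes in double quotes.
    arg = words[0] if len(words) == 1 else '"' + " ".join(words) + '"'
    return f"set system aaa ldap command-level {level} permit {arg}"


def effective_permits(permits, level):
    """Permitted commands for a group at `level`: every permit at or below it.

    Assumption: the group's own level counts, together with all lower levels.
    """
    check_level(level)
    allowed = []
    for lvl in sorted(permits):
        if check_level(lvl) <= level:
            allowed.extend(c for c in permits[lvl] if c not in allowed)
    return allowed


# Constructed sample plan using the group names from Usage Guidelines.
PLAN = {1: ["set vlans"], 2: ["set protocols"]}
GROUPS = {"group1": 1, "group2": 2}

if __name__ == "__main__":
    for lvl, cmds in sorted(PLAN.items()):
        for cmd in cmds:
            print(render_permit(lvl, cmd))
    for group, lvl in GROUPS.items():
        print(f"{group} (level {lvl}) can run: {effective_permits(PLAN, lvl)}")
```

Reviewing the effective list per group before commit shows when a permit added at a low level also widens what every higher-level group can run.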

Copyright © 2024 Pica8 Inc. All Rights Reserved.