MN700004 Rev 01 254. User Privilege LevelsIntroductionThe ESB26 Command Line Interface (CLI) supports privilege levels for allowing access toparticular commands. You can use this feature to protect the system from unauthorizedaccess.There are 16 privilege levels - from level 15, which is the most restricted level (lowestprivilege), to level 0, which is unrestricted (highest privilege).A privilege is associated to each user and each command. Users can only execute commandswith privilege levels that are equal to or less than (higher in nominal value) the privilegelevels that are assigned to them.Most of the commands have a privilege level 1. The common commands exit, quit, yes, no,etc. have privilege level 15, allowing all users to access them.For example, users with privilege level 8 have access to all CLI commands with privilegelevels from 8 to 15.NOTE User privilege levels are not numbered consequently (i.e. 1-5) to ensure compatibility withthe future versions of the device. Numbering shows the levels' priority only and is not usedin the CLI.The default privilege level assigned to users is level 0 (highest privilege).NOTE Users' names, passwords and privileges are stored in the internal flash memory so theyprotected from interruptions in switch's power supply. For safety reasons, the passwordscannot be retrieved in any human-readable form.Table 4-1 shows the CLI privilege levels.Table 4-1 Command Privilege LevelsP r i v i l e g e D e s c r i p t i o nadministrator (0): Full read/write privilege without restriction. The access to the security settings(user/password management commands; debug commands; license managementcommands, software upgrade, reload and script FS) is allowed.net-admin (4): Read/write privilege without access to the security, debug and otheradministrative settings (user/password management commands; debugcommands; license management commands, software upgrade, reload and scriptFS)technicianuser(8): Read/write privilege for Layer2, Read-only privilege for Layer3(12): Read-only privilege that allows access to all show commands; generalcommands: exit, quit, yes, no; show commands; enable, disable commands, pingand traceroute commands
