26
sensitive string of one to 32 characters. It can consist of English letters, digits, and
underlines and must start with an English letter.
vlan
vlan-id
: Specifies the authorized VLAN of the local user(s), where
vlan-id
represents
the VLAN number, in the range 1 to 4094.
work-directory
directory-name
: Specifies the authorized work directory of the local
user(s), if the user or users are authorized the FTP or SFTP service type. The authorized
work directory is a case-insensitive string of 1 to 135 characters.
Description
Use the
authorization-attribute
command to configure authorization attributes for the
local user or user group. After the local user or a local user of the user group passes
authentication, the device will assign these attributes to the user.
Use the
undo authorization-attribute
command to remove authorization attributes.
By default, no authorization attribute is configured for a local user or user group.
Every configurable authorization attribute has its definite application environments
and purposes. Therefore, when configuring authorization attributes for a local user,
consider what attributes are needed. For example, for PPP users, you do not need
to configure the work directory attribute.
The assignment of local user authorization attributes does not take the service type
into account, the configured authorization attributes is effective to all types of
users.
Authorization attributes configured for a user group are effective on all local users
of the group.
An authorization attribute configured in local user view takes precedence over the
same attribute configured in user group view.
If you specify to perform no authentication or perform password authentication,
the levels of commands that a user can access after login depends on the level of
the user interface. For more information about user interface login authentication
methods, see the authentication-mode command in User Interface in the
Fundamentals Command Reference. If the authentication method requires users
to provide usernames and passwords, the levels of commands that a user can
access after login depends on the level of the user. For an SSH user authenticated
with an RSA public key, available commands depend on the level specified on the
user interface.
Examples
Configure the authorized VLAN of user group
abc
as VLAN 3.
<Sysname> system-view