MN700004 Rev 01
4. User Privilege Levels
The ESB26 Command Line Interface (CLI) supports privilege levels for allowing access to
particular commands. You can use this feature to protect the system from unauthorized
There are 16 privilege levels - from level 15, which is the most restricted level (lowest
privilege), to level 0, which is unrestricted (highest privilege).
A privilege is associated to each user and each command. Users can only execute commands
with privilege levels that are equal to or less than (higher in nominal value) the privilege
levels that are assigned to them.
Most of the commands have a privilege level 1. The common commands
exit, quit, yes, no,
have privilege level 15, allowing all users to access them.
For example, users with privilege level 8 have access to all CLI commands with privilege
levels from 8 to 15.
User privilege levels are not numbered consequently (i.e. 1-5) to ensure compatibility with
the future versions of the device. Numbering shows the levels' priority only and is not used
in the CLI.
The default privilege level assigned to users is level 0 (highest privilege).
Users' names, passwords and privileges are stored in the internal flash memory so they
protected from interruptions in switch's power supply. For safety reasons, the passwords
cannot be retrieved in any human-readable form.
Table 4-1 shows the CLI privilege levels.
Table 4-1 Command Privilege Levels
P r i v i l e g e D e s c r i p t i o n
(0): Full read/write privilege without restriction. The access to the security settings
(user/password management commands; debug commands; license management
commands, software upgrade, reload and script FS) is allowed.
(4): Read/write privilege without access to the security, debug and other
administrative settings (user/password management commands; debug
commands; license management commands, software upgrade, reload and script
(8): Read/write privilege for Layer2, Read-only privilege for Layer3
(12): Read-only privilege that allows access to all show commands; general
commands: exit, quit, yes, no; show commands; enable, disable commands, ping
and traceroute commands