Managing Users and Privileges
  • 25 Jan 2024
  • 4 Minutes to read
  • Contributors
  • PDF

Managing Users and Privileges

  • PDF

Article summary

You can configure each unit to be managed by several users, each having different privileges. Privileges, also referred to as permissions, are used to grant precise levels of access to different user groups. You may choose to limit certain users to only specific configuration options, such as firmware updates, ports, , etc., while others have full access to all features.


Note: You must define the permissions to assign to user groups before defining the user accounts.

Setting Up the Administrator Account


Note: To prevent losing administrator access to the unit, you cannot modify the administrator account privileges or delete the administrator account.


CAUTION: If you, as the administrator, forget your username or password the only way to regain access to the management Web interface is to perform a factory reset. Refer to Restoring Factory Default Settings.

Defining Permissions for a Group of Users

You must first define a permission group before you can assign users to groups.

To define privileges and sub-privileges in a permission group

  1. Access the page System ►Session ►Permissions.

  2. Click Add or click the Group Name that you want to edit.

  3. Select the Privileges to assign to the permission group, then click Apply.


    Notes:
    A "+" sign that precedes the privilege name indicates the availability of subprivileges. Clicking on the "+" will show you the available sub-privileges that can be added or revoked.
    You cannot change the privileges of user group Admin. This user group has full access to all functions.

For more information on specific parameters, refer to the following table.

Group Privileges (System ►Session ►Permissions)

ParameterDescription
Group NameThe name of the user permission group.
PrivilegesThe privileges given to the user permission group allow its members to edit, add or enable within these sections.

The following commands can be used by all users regardless of their privileges:

  • board
  • date
  • exit
  • help
  • ping
  • quit
  • sfp
  • syntax
  • tcp-connect
  • traceroute
  • version
ACL: Edit/Enable ACL settings.

Alarms: Edit/Add/Enable alarm reporting configurations.

CFM: Edit/Add the SOAM CFM feature.

Config: Import/Export configuration files through CLI.

Filters: Edit/Add Layer-2 filters, IPv4 filters and VLAN:

Firmware: Upgrade the firmware. Sub-privileges are available for upgrade and rollback.

History: Edit the history bucket statistics.

L2PT: Edit/Add L2 protocol tunneling rules.

Log: Edit syslog configuration and view logged entries.

Loop Detection: Edit/Add/Delete/Enable instance loop detection

Management: Edit/Add management access to the unit:

  • bridge
  • console
  • dns
  • gps
  • interface
  • inventory
  • license
  • mode admin
  • motd
  • mtr
  • ntp
  • ptp
  • route
  • sfp
  • snmp
  • snmp-trap
OAM: Edit/Add/Enable OAM and loopback
  • loopback
  • oam
PAA: Add/Edit/Enable the performance assurance agent instances.

Policies: Edit/Add/Enable policies for filtering traffic.

Port: Edit/Add/Enable port configurations

  • cable-test
  • media-selection
  • port
  • statistics
  • fault-propagation
Sub-privileges is available for internal loopback.

Protection: Add/Edit/Enable protection:

  • LACP
  • ERP
RFC-2544: Add/Edit/Enable the RFC-2544 menu.

SAT-Protocol: Edit/Add/Enable Service Activation Testing protocol.

SAT Reporting: Edit/Enable Service Activation Testing reporting.

Service Availability: Add/Edit/Enable the service availability instances.

Service Mapping: Add/Edit CoS profiles and bandwidth regulator sets :

  • bandwidth-regulator
  • cos-profile
  • regulator-set
Sessions: Manage sessions and edit session configuration:
  • RADIUS
  • TACACS+
  • reboot
  • session
Sub-privileges is available for reboot.

Shaping: Add/Edit traffic shapers database.

Traffic: Edit/Enable VLAN level and Working Rate settings from the Traffic configuration

TWAMP: Edit/Enable TWAMP Reflector settings.

Users: Edit/Add and manage user accounts and permissions:

  • permission-group
  • user
Virtual Connection: Add/Delete/Enable/Edit/Show vce configuration

Y.1564: Edit/Add/Enable Y.1564 test methodology.

All-add: Permission to add in all sections that are viewable

All-edit: Permission to edit in all sections that are viewable

All-enable: Permission to enable in all sections that are viewable

Adding and Editing User Accounts

To add or edit a user account

  1. Access the page System ▶Sessions ▶Users, a list of all user accounts that have been created for the unit is displayed.

  2. Click Add or click a User Name if you want to edit a user account.

  3. In the [User name] user settings page, complete the fields, then click Apply.

For more information on specific parameters, refer to the following table.

User Settings (System ▶Session ▶Users)

ParameterDescription
User NameThe login name for the account.
First NameThe account holder's first name.
Last NameThe account holder's last name.
Phone NumberThe account holder's phone number.
Email Address / EmailThe account holder's email address.
PasswordEnter the password for this account.

Note: Passwords for locally-authenticated users are limited to 128 characters as of release 7.9.5 (previous limit of 31 characters).

Confirm PasswordRe-enter the password for this account.

Administering User Account Privileges

You can grant different privileges or permissions to each user account if you have already defined both the user account and permission groups.


CAUTION: Modifying or reassigning the user groups for your account may result in you being unable to perform some tasks.

To give privileges to a user account

  1. Access the page System ▶Sessions ▶Users.

  2. Click the user name that you want to edit.

  3. In the [User Name] user settings page, click the Permission button, the user's User Permission page is displayed. All available user permission groups are listed.


    Note: You can create more groups in the Session ▶Permissions page.

  4. Select the user groups that you want to assign to this user, then click Apply.


    Note: You cannot change permission group of the user admin.

Changing Passwords

To change a user's password

  1. Access the page System ▶Sessions ▶Users.

  2. Click the user name that you want to edit.

  3. Enter the user's new password in both the Password and Confirm Password fields, then click Apply.


    Note: If you forget your username or password, contact your Administrator for a password reset.

© 2024 Cisco and/or its affiliates. All rights reserved.
 
For more information about trademarks, please visit: Cisco trademarks
For more information about legal terms, please visit: Cisco legal terms

For legal information about Accedian Skylight products, please visit: Accedian legal terms and tradmarks



Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.