local-user user-group

Function

The local-user user-group command adds a user to the specified user group.

The undo local-user user-group command deletes a user from the specified user group.

By default, a local user does not belong to any user group.

Format

local-user user-name user-group user-group-name

undo local-user user-name user-group

Parameters

Parameter: user-name

Description: Indicates the user name.

Value: The value is a string of 1 to 253 case-insensitive characters without spaces. If the value includes @, the characters before @ are the user name and the characters after @ are the domain name. If the value excludes @ or the domain name does not exist, the entire string is the user name and the user belongs to the default domain. A user name cannot contain two or more @s.

When the user security policy is configured, the value is a string of 6 to 253 characters. When the user security policy is not configured, the value is a string of 1 to 253 characters.

The user name cannot contain spaces or the following special characters: /, \, :, *, ?, ", <, >, |, @, ', %.

Parameter: user-group user-group-name

Description: Indicates the name of a user group.

To configure a user group, run the user-group command. By default, four user groups (manage-ug, system-ug, monitor-ug, and visit-ug) are available.

Value: The value is a string of 1 to 32 characters containing letters, digits, and underscores (_). The value must comply with the Windows naming rule and cannot contain the following characters or symbols: \, /, :, *, |, ?, ", <, >.

Views

AAA view

Default Level

3: Management level

Task Name and Operations

Task Name: aaa
Operations: write

Usage Guidelines

Usage Scenario

The system manages user rights through user groups. A user can obtain rights after joining a user group.

Prerequisites

local-user user-group

Follow-up Procedure

After running the local-user user-group command, you can run the display local-user command to check whether the user is added to the user group.

Precautions

One user group can be used by multiple local users. However, a local user belongs to only one user group.

A local user can use the local-user level command to set the user level. If both the user level and user group level are set for a local user, the user rights are determined by the user level.

The default user group and the user groups that are used by a local user or an online user cannot be deleted.

A change to a local user attribute does not apply to users who are already online. The change takes effect after those users log in again.

In a scenario where AAA authentication is enabled, if you attempt to change the user level of a local administrator to a non-administrator, the system checks whether the current administrator is the last administrator. If the administrator is the last administrator, the system displays a message indicating that the operation is risky and affects administrator login and asks for your confirmation.

  • If you select Y, the user level is changed.
  • If you select N, the user level is not changed.

Example

# Add the user to the specified user group.
<HUAWEI> system-view
[~HUAWEI] aaa
[~HUAWEI-aaa] user-group ospf
[*HUAWEI-aaa-user-group-ospf] quit
[*HUAWEI-aaa] commit
[~HUAWEI-aaa] local-user user13579 password irreversible-cipher Hello-13579
[*HUAWEI-aaa] local-user user13579 user-group ospf
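
The precautions above (no user group by default, one group per user, user level taking precedence over the group) can be checked offline against a saved configuration. The following Python script is an added example, not Huawei's code; it assumes the saved AAA lines mirror the command forms on this page and that the local-user level command is written as `local-user <name> level <n>`, and its sample configuration is constructed.

```python
# Default user groups named on this page.
DEFAULT_GROUPS = {"manage-ug", "system-ug", "monitor-ug", "visit-ug"}

# Constructed sample of AAA configuration lines (not from a real device).
SAMPLE_CONFIG = """\
aaa
 user-group ospf
 local-user user13579 password irreversible-cipher <redacted>
 local-user user13579 user-group ospf
 local-user netops user-group manage-ug
 local-user netops level 1
 local-user audit01 password irreversible-cipher <redacted>
 local-user temp01 user-group contractors
"""

def audit(config):
    """Return {user: [findings]} for the local users found in config text."""
    users, defined = {}, set(DEFAULT_GROUPS)
    for line in config.splitlines():
        tokens = line.split()
        if len(tokens) == 2 and tokens[0] == "user-group":
            defined.add(tokens[1])          # group created with user-group
        elif len(tokens) >= 3 and tokens[0] == "local-user":
            # User names are case-insensitive, so fold case before grouping.
            attrs = users.setdefault(tokens[1].lower(), {})
            if tokens[2] in ("user-group", "level") and len(tokens) >= 4:
                # A user belongs to one group only: the last line wins.
                attrs[tokens[2]] = tokens[3]
    findings = {}
    for name, attrs in users.items():
        group, level = attrs.get("user-group"), attrs.get("level")
        notes = []
        if group is None:
            notes.append("no user group (the default): no rights from a group")
        elif group not in defined:
            notes.append(f"user group '{group}' is not defined in this text")
        if group is not None and level is not None:
            notes.append(f"level {level} determines rights, not group '{group}'")
        if notes:
            findings[name] = notes
    return findings

if __name__ == "__main__":
    for user, notes in audit(SAMPLE_CONFIG).items():
        for note in notes:
            print(f"{user}: {note}")
```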
Copyright © Huawei Technologies Co., Ltd.