user-group

Function

The user-group command creates a user group or enter the user group view.

The undo user-group command deletes a user group.

By default, four user groups (visit-ug, monitor-ug, system-ug, and manage-ug) are available.

Format

user-group user-group-name

undo user-group user-group-name

Parameters

Parameter	Description	Value
user-group-name	Indicates the user group name.	The value is a string of 1 to 32 characters containing letters, digits, and underscores (_). The name of a user group must be unique on a virtual system (VS). The value must comply with the Windows naming rule and cannot contain the following characters or symbols: \, /, :, *, \| , ?, ", <, >

Parameter

Description

Value

user-group-name

Indicates the user group name.

The value is a string of 1 to 32 characters containing letters, digits, and underscores (_). The name of a user group must be unique on a virtual system (VS). The value must comply with the Windows naming rule and cannot contain the following characters or symbols: \, /, :, *, | , ?, ", <, >

Views

AAA view

Default Level

3: Management level

Task Name and Operations

Task Name	Operations
aaa	write

Usage Guidelines

Usage Scenario

When the rights of the system default user group fail to meet your demand, you can create a new user group and allocate required rights (task groups) to the new user group. In this manner, user rights can be controlled in a more flexible way.

The default user groups (visit-ug, monitor-ug, system-ug, and manage-ug) are automatically mapped to levels 0 to 3; however, user-defined user groups are not automatically mapped to any levels. You can add a user-defined user group to a task group to determine the permission of this user group. The users of different levels can run commands of different levels.

By default, commands are registered according to levels 0 to 3.

Commands of level 0, the visit level: include diagnostic tools (such as the ping and tracert commands) and the commands that are used to access a remote device (such as Telnet and SSH).
Commands of level 1, the monitoring level: are used for system maintenance, including display commands.
Commands of level 2, the configuration level: include commands used for service configuration, such as routing commands and commands at each network layer to provide network services to users.
Commands of level 3, the management level: are used for system basic operation to support services, including file system, FTP, Trivial File Transfer Protocol (TFTP), and configuration file switching -commands, slave board control commands, user management commands, command level configuration commands, and debugging commands.

Follow-up Procedure

Allocate required rights to the user group, that is, add the user group to the user group, and add users to the user group.

Precautions

When a user group is to be deleted, the user group to be deleted exists. And No local or online user belongs to this user group.The default user group cannot be deleted. When the number of user groups reaches the system threshold, no more user groups can be created.

Example

# Create a user group.

<HUAWEI> system-view
[~HUAWEI] aaa
[~HUAWEI-aaa] user-group admin_ug