Levels 2 through 14 are available as user-defined (customized)
modes.
The global configuration privilege {mode } level {level } command is available to change, move, or set a privilege for a
command to any of these levels. The {mode} refers to different modes on the router, such as exec or configure.
The line configuration mode privilege level {level } command is used to change the default privilege level for a given line group of lines.
Example 3-1 shows a user account "yusuf" created with privilege level 5, and several IOS (privilege 15) commands are moved level 5 to be available for this user.
Example 3-1. Configuring Privilege Level
Router(config)# username yusuf privilege 5 password cisco
Router(config)# privilege exec level 5 show run
Router(config)# privilege exec all level 5 clear
Router(config)# privilege exec level 5 write memory
Router(config)# privilege exec level 5 configure terminal
Router(config)# privilege configure level 5 interface
Although the previous example shows local authentication, more granularities in control of the device can be achieved with the
implementation of TACACS+ Command authorization using the AAA paradigm (discussed in Part II of this book).
Pages:
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127