Role-Based CLI Access: Admin, Operator, and Viewer Levels
Admin Level:
The admin level has the highest privilege, granting full access to all commands and configurations. To define the admin level and create a user with admin privileges:
Router(config)# username admin privilege 15 secret [admin_password]
Once the admin level is defined, the user can enter the admin level with the following commands:
Username: admin
Password: [admin_password]
Router> enable
Router# configure terminal
After enable, the user is in privileged EXEC mode with full administrative privileges; configure terminal then enters global configuration mode.
Operator Level:
The operator level is designed for users who need to perform operational tasks without having administrative control. To define the operator level and create a user with operator privileges:
Router(config)# username operator privilege 5 secret [operator_password]
Users with operator privileges can execute specific commands related to network operations:
Username: operator
Password: [operator_password]
Router> enable
Router# show running-config
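The above commands grant access to operational information without allowing configuration modifications. On IOS, enable with no argument requests privilege level 15, and show running-config is a level 15 command by default, so it is available to a level 5 user only after it has been assigned to that level with the privilege exec level command.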
Viewer Level:
The viewer level provides read-only access, allowing users to view the current system state without the ability to make any changes. To define the viewer level and create a user with viewer privileges:
Router(config)# username viewer privilege 1 secret [viewer_password]
Users with viewer privileges can execute commands to view network information:
Username: viewer
Password: [viewer_password]
Router> show interfaces
Router> show ip route
The above commands allow the user to view network interfaces and routing information without the ability to make configuration changes.
Verifying Role Level:
To verify the current role level, users can use the following command:
Router# show privilege
This command displays the current privilege level, allowing users to confirm their assigned role and associated access privileges.
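An added example (not part of the original page): a short Python check that reads a running-config as text, reports accounts stored with password rather than secret, and flags accounts at levels 2 to 14 that gain nothing beyond level 1 because no commands have been assigned to their level with privilege exec level. The sample configuration, the noc and backup accounts, and the simplified line patterns are constructed for illustration.

```python
import re

# Constructed sample excerpt of a running-config (not from a real device).
SAMPLE_CONFIG = """\
username admin privilege 15 secret 9 $9$constructed-hash
username operator privilege 5 secret 9 $9$constructed-hash
username viewer privilege 1 secret 9 $9$constructed-hash
username noc privilege 3 secret 9 $9$constructed-hash
username backup privilege 7 password 0 constructed-cleartext
privilege exec level 5 show running-config
privilege exec level 5 ping
"""

# Simplified patterns (an assumption) for the two line types this check needs.
USER_RE = re.compile(r"^username\s+(\S+)(?:\s+privilege\s+(\d+))?\s+(secret|password)\b")
PRIV_RE = re.compile(r"^privilege\s+\S+\s+(?:all\s+)?level\s+(\d+)\s+(.+)$")


def audit(config):
    """Return (username, finding) pairs for a running-config given as text."""
    users, mapped = [], {}
    for raw in config.splitlines():
        line = raw.strip()
        if m := USER_RE.match(line):
            # A username line without "privilege N" defaults to level 1.
            users.append((m.group(1), int(m.group(2) or 1), m.group(3)))
        elif m := PRIV_RE.match(line):
            mapped.setdefault(int(m.group(1)), []).append(m.group(2))
    findings = []
    for name, level, keyword in users:
        if keyword == "password":
            findings.append((name, "credential stored with 'password' instead of 'secret'"))
        # Levels are cumulative, so a level-N user gains commands mapped to 2..N.
        gained = [c for lvl, cmds in mapped.items() if 1 < lvl <= level for c in cmds]
        if 1 < level < 15 and not gained:
            findings.append((name, f"level {level} has no commands mapped; same access as level 1"))
    return findings


if __name__ == "__main__":
    for user, finding in audit(SAMPLE_CONFIG):
        print(f"{user}: {finding}")
```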