Role-Based CLI Access: Admin, Operator, and Viewer Levels

In a Role-Based CLI Access environment, there are three distinct access levels: admin, operator, and viewer. Each level corresponds to a set of privileges and commands. Let’s explore each level in detail:

Admin Level:

The admin level has the highest privilege, granting full access to all commands and configurations. To define the admin level and create a user with admin privileges:

Router(config)# username admin privilege 15 secret [admin_password]

Once the admin level is defined, the user can enter the admin level with the following commands:

Username: admin
Password: [admin_password]

Router> enable
Router# configure terminal

Upon entering the above commands, the user gains access to the privileged exec mode with full administrative privileges.

Operator Level:

The operator level is designed for users who need to perform operational tasks without having administrative control. To define the operator level and create a user with operator privileges:

Router(config)# username operator privilege 5 secret [operator_password]

Users with operator privileges can execute specific commands related to network operations:

Username: operator
Password: [operator_password]

Router> enable
Router# show running-config

The above commands grant access to operational information without allowing configuration modifications.

Viewer Level:

The viewer level provides read-only access, allowing users to view the current system state without the ability to make any changes. To define the viewer level and create a user with viewer privileges:

Router(config)# username viewer privilege 1 secret [viewer_password]

Users with viewer privileges can execute commands to view network information:

Username: viewer
Password: [viewer_password]

Router> show interfaces
Router> show ip route

The above commands allow the user to view network interfaces and routing information without the ability to make configuration changes.

Verifying Role Level:

To verify the current role level, users can use the following command:

Router# show privilege

This command displays the current privilege level, allowing users to confirm their assigned role and associated access privileges.


Role Based Cli Access Admin, Operator, And Viewer Levels

Role-Based CLI Access Admin, Operator, and Viewer Levels