Comware

With Comware 5 devices we are able to setup a local user with basic read access to the device and then use 'su' to change to full admin rights after a suitable password is entered akin to the *cough* Cisco 'enable' mode.
How on earth do I do this in CW7? If I grant a user the 'network-operator' role they don't have permission to issue the 'su' command. If I grant the 'network-admin' role they have full access from the start. The system only uses local users on the device so no TACACS or RADIUS involved. I am sure I am missing something simple but CW7 seems to have made simple functionality overly complicated and has me stumped!
TIA
Zac

Hi Zac,

in CMW7 the complete AAA Section has been redesigned. So you have now 16 levels for Access Control. You can enter the command display role to show the predefined roles and access rights and of course you can change them. To achieve a similar behavior as it was in CMW5 you have to create a user with authorization-attribute user-role level-1 (network-operator is not permitted to enter super-command) and set the command: super password role network-admin simple <PWD>.

Best regards,
Marco.

With Comware 5 devices we are able to setup a local user with basic read access to the device and then use 'su' to change to full admin rights after a suitable password is entered akin to the *cough* Cisco 'enable' mode.
How on earth do I do this in CW7? If I grant a user the 'network-operator' role they don't have permission to issue the 'su' command. If I grant the 'network-admin' role they have full access from the start. The system only uses local users on the device so no TACACS or RADIUS involved. I am sure I am missing something simple but CW7 seems to have made simple functionality overly complicated and has me stumped!
TIA
Zac