Configuring user group attributes
About user group attributes
User groups simplify local user configuration and management. A user group contains a group of local users and has a set of local user attributes. You can configure local user attributes for a user group to implement centralized user attributes management for the local users in the group. Local user attributes that are manageable include authorization attributes.
Procedure
Enter system view.
system-view
Create a user group and enter user group view.
user-group group-name
By default, a system-defined user group exists. The group name is system.
Configure authorization attributes for the user group.
authorization-attribute { acl acl-number | idle-cut minutes | ip-pool ipv4-pool-name | ipv6-pool ipv6-pool-name | session-timeout minutes | user-profile profile-name | vlan vlan-id | work-directory directory-name } *
By default, no authorization attributes are configured for a user group.
(Optional.) Configure password control attributes for the user group. Choose the following tasks as needed:
Set the password aging time.
password-control aging aging-time
Set the minimum password length.
password-control length length
Configure the password composition policy.
password-control composition type-number type-number [ type-length type-length ]
Configure the password complexity checking policy.
password-control complexity { same-character | user-name } check
Configure the maximum login attempts and the action to take for login failures.
password-control login-attempt login-times [ exceed { lock | lock-time time | unlock } ]
By default, a user group uses the global password control settings. For more information, see "Configuring password control."
Password control attributes are applicable only to device management users.