Configuring user group attributes

About user group attributes

User groups simplify local user configuration and management. A user group contains a group of local users and has a set of local user attributes. You can configure local user attributes for a user group to implement centralized user attributes management for the local users in the group. Local user attributes that are manageable include authorization attributes.

Procedure

  1. Enter system view.

    system-view

  2. Create a user group and enter user group view.

    user-group group-name

    By default, a system-defined user group exists. The group name is system.

  3. Configure authorization attributes for the user group.

    authorization-attribute { acl acl-number | idle-cut minutes | ip-pool ipv4-pool-name | ipv6-pool ipv6-pool-name | session-timeout minutes | user-profile profile-name | vlan vlan-id | work-directory directory-name } *

    By default, no authorization attributes are configured for a user group.

  4. (Optional.) Configure password control attributes for the user group. Choose the following tasks as needed:

    • Set the password aging time.

      password-control aging aging-time

    • Set the minimum password length.

      password-control length length

    • Configure the password composition policy.

      password-control composition type-number type-number [ type-length type-length ]

    • Configure the password complexity checking policy.

      password-control complexity { same-character | user-name } check

    • Configure the maximum login attempts and the action to take for login failures.

      password-control login-attempt login-times [ exceed { lock | lock-time time | unlock } ]

    By default, a user group uses the global password control settings. For more information, see "Configuring password control."

    Password control attributes are applicable only to device management users.