[Contents] [Prev] [Next] [Index] [Report an Error]

Using the Order of Precedence

The effectiveness of a privilege level that is set with the all keyword depends on its precedence level in the CLI. A privilege level is considered to be in effect only if a privilege level that is configured at a higher precedence level does not override it.

The CLI uses the following order of precedence:

Privilege level set for all commands within a mode, including modes that are accessed from another mode; for example, Global Configuration mode
Privilege level set for all commands that begin with the same keyword; for example, snmp commands
Privilege level set for individual commands; for example, snmp-server community

Note: This order of precedence does not apply to privilege levels that are set without the all keyword.

In the following example, the privilege level of the snmp-server community command is set to level 11, the privilege level for all commands that begin with snmp is set to level 10, and the privilege level for all commands in Global Configuration mode is set to level 5.



host1(config)#privilege configure level 11
snmp-server community 

host1(config)#privilege configure all level
10 snmp 

host1(config)#privilege exec all level 5 configure

The following show configuration output displays the privilege levels set above. The privilege levels for the snmp-server community command and the snmp-server group of commands are still present in the output. However, the privilege level of Global Configuration mode takes precedence, and the privilege levels of the other commands are rendered ineffective. Users can access all snmp commands at level 5 or higher.



host1#show config category management cli
command-privileges 

privilege configure level 11 snmp-server community
privilege configure all level 10 snmp-server
privilege exec all level 5 configure

[Contents] [Prev] [Next] [Index] [Report an Error]