By default, the software supports two roles for login sessions: administrative (or “admin” privilege having "write" permission) and non-administrative (or “user” privilege having "read-only" permission).
To change a user's account-level privileges to be administrative or non-administrative, use the command configure account [all | name] privilege [admin | user]. Any sessions that are currently logged in with the account specified are cleared and therefore forced to login again with the new privilege.
In addition to the account-level privileges, you can optionally use an external RADIUS server to provide CLI command authorization checking for each command. For more information on RADIUS, see Security.
NoteCLI commands are sent to the RADIUS server unencrypted. Sensitive information entered into the CLI could be seen by either internal or external third parties.