22.3. Access levels to the Control Port

Permission levels to the Control Port depends by LOGIN-MODE.

22.3.1. LOGIN-MODE:LEGACY access levels

With LOGIN-MODE:LEGACY it's possible to log into the Control Port by using three different privilege levels:

  • User login level: “USER” is allowed to execute only some operations for supervising the Abilis CPX working mode; the execution of “USER” not allowed commands will cause the message “COMMAND NOT ALLOWED FOR USER LOGIN LEVEL” to be displayed.

  • Administrator login level: “ADMINISTRATOR” is allowed, with some restrictions, to execute all the operations for configuring and supervising the Abilis CPX; execution of “ADMINISTRATOR” not allowed commands will cause the message “COMMAND NOT ALLOWED FOR ADMINISTRATOR LOGIN LEVEL” to be displayed.

  • Super-User login level: SUPERUSER is able to completely manage the system.

Once the CP has been accessed, it's possible to check or modify the privilege level by using the command login.

Here is an example of how to access the Control Port through the Telnet port, with USER privileges:

[192.168.0.1] TELNETS>00-CP
COM

Abilis CPX - Ver. 8.5.1/STD - Build 4238.7 - Branch 8.5 - Abilis-ID 1800310
Monday 28/08/2017 08:38:44 (UTC+2:00)
Logged as USER

[11:29:21] ABILIS_CPX:

The User is asked to specify the requested access level (USER, ADMINISTRATOR or SUPERUSER) and then to insert the corresponding password. If the password is wrong, it will be asked again. After the third wrong try, the connection will be cleared.

[192.168.0.1] TELNETS>00-CP
COM

Abilis CPX - Ver. 8.5.1/STD - Build 4238.7 - Branch 8.5 - Abilis-ID 1800310
Monday 28/08/2017 08:38:44 (UTC+2:00)
Login:user
Password:

INVALID PASSWORD

Password:

INVALID PASSWORD

Password:

CLR F0 AE

[192.168.0.1] TELNETS>

22.3.2. LOGIN-MODE:USERS access levels

When using LOGIN-MODE:USERS the permission levels are the followings:

  • User 'super' can do everything, without restrictions

  • Users with CP-LEVEL:SUPER have the following restrictions:

    • Can't set password (PWD:) of user 'super';

    • Can't change LOGIN-MODE:USERS of control port;

  • Users with CP-LEVEL:ADMIN have the following restrictions:

    • Can't set password (PWD:) of user 'super';

    • Can't change LOGIN-MODE:USERS of control port;

    • Can't set password (PWD:) of other users with CP-LEVEL:ADMIN or CP-LEVEL:SUPER;

    • Can't remove users with CP-LEVEL:ADMIN or CP-LEVEL:SUPER;

    • Can't set CP-LEVEL:SUPER for any user, including themselves.

  • Users with CP-LEVEL:USER have most commands restricted, they are only allowed to some supervision and error recovery actions, plus some system utilities. The most relevant restrictions are:

    • Can't execute commands that modify the configuration ( A/S/C/M, CONF, SAVE, INIT, ...);

    • Can't execute commands that modify files on disks (CONF, FILE, SYS, ... );

    • Can't execute commands that stop or restart Abilis (WARM START, RESTART SYSTEM, SHUTDOWN SYSTEM, HALT, ...);

    • Can't execute commands that may reveal sensitive data (LICENCE, TRACE, IPFLOW, D <res> LOG, ...);

    • Other commands can be permitted entirely or just partially.

  • Users with CP-LEVEL:NO can't login to TELNET/SSH and can't access control port.