User Role Assignment; FIPS Compliance - HP 10500 Series Configuration Manual


User role name: security-audit

User role assignment

You assign access rights to a user by assigning a minimum of one user role. The user can use the collection of items and resources accessible to any user role assigned to the user. For example, you can access any interface to use the qos apply policy command if you are assigned the following user roles:
• User role A denies access to the qos apply policy command and permits access only to interface GigabitEthernet 1/0/1.
• User role B permits access to the qos apply policy command and all interfaces.
Depending on the authentication method, user role assignment has the following methods:
• AAA authorization—If scheme authentication is used, the AAA module handles user role assignment.
  ○ If the user passes local authorization, the device assigns the user roles specified in the local user account.
  ○ If the user passes remote authorization, the remote AAA server assigns the user roles specified on the server. The AAA server can be a RADIUS or HWTACACS server.
• Non-AAA authorization—When the user accesses the device without authentication or by passing password authentication, the device assigns user roles specified on the user line. This method also applies to SSH clients that use publickey or password-publickey authentication. User roles assigned to these SSH clients are specified in their respective device management user accounts.
For more information about AAA and SSH, see Security Configuration Guide. For more information
about user line, see "Login overview" and "Configuring CLI login."

FIPS compliance

The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features,
commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about
FIPS mode, see Security Configuration Guide.
Permissions (security-audit user role)
Security log manager. The user role has the following access rights to security log files:
• Accesses the commands for displaying and maintaining security log files (for example, the dir, display security-logfile summary, and more commands).
• Accesses the commands for managing security log files and security log file system (for example, the info-center security-logfile directory, mkdir, and security-logfile save commands).
For more information about security log management, see Network Management and Monitoring Configuration Guide. For more information about file system management, see "Managing the file system."
IMPORTANT: Only the security-audit user role has access to security log files. You cannot assign the security-audit user role to non-AAA authentication users.
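
The role-merging rule from "User role assignment" and the security-audit restriction above can both be checked offline against an exported user inventory. The following Python sketch is an added example, not HP code or device output. The role table, user names, `aaa` flag and finding labels are constructed, and roles are simplified to sets of permitted commands and interfaces.

```python
ALL = "*"  # constructed marker meaning "every interface"

# Constructed role table (hypothetical names role-a/role-b mirror roles A and B).
# Each entry lists only what the role permits; a deny in one role removes
# nothing from what another assigned role permits.
ROLES = {
    "role-a": {"commands": set(), "interfaces": {"GigabitEthernet 1/0/1"}},
    "role-b": {"commands": {"qos apply policy"}, "interfaces": {ALL}},
    "security-audit": {"commands": {"display security-logfile summary"},
                       "interfaces": set()},
}

# Constructed inventory; "aaa" records whether AAA authorization assigned the roles.
USERS = {
    "alice": {"aaa": True, "roles": ["role-a", "role-b"]},
    "bob": {"aaa": True, "roles": ["role-a"]},
    "console0": {"aaa": False, "roles": ["security-audit"]},
}


def effective_rights(role_names):
    """Union of commands and interfaces permitted by any assigned role."""
    commands, interfaces = set(), set()
    for name in role_names:
        commands |= ROLES[name]["commands"]
        interfaces |= ROLES[name]["interfaces"]
    return commands, interfaces


def can_run(role_names, command, interface):
    """True when the merged rights cover both the command and the interface."""
    commands, interfaces = effective_rights(role_names)
    return command in commands and (ALL in interfaces or interface in interfaces)


def audit(users):
    """Flag assignments the page forbids, or where a broad role cancels a narrow one."""
    findings = []
    for user in sorted(users):
        roles = users[user]["roles"]
        if "security-audit" in roles and not users[user]["aaa"]:
            findings.append((user, "security-audit-non-aaa"))
        narrow = [r for r in roles if ALL not in ROLES[r]["interfaces"]]
        if narrow and ALL in effective_rights(roles)[1]:
            findings.append((user, "restriction-overridden"))
    return findings
```

A "restriction-overridden" finding means a least-privilege role is being cancelled by a broader one assigned to the same user, as with roles A and B in the example.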