Privilege Level for HPE Comware

HPE Comware is a network operating system (NOS) developed by Hewlett Packard Enterprise (HPE) for its networking devices, especially HPE FlexNetwork and Comware-based switches and routers.

This helps to securely access device configurations and accurately assess policy compliance.

Configuration of HPE Comware 5 and HPE Comware 7

Follow the steps to configure Comware 5 and Comware 7. Users are added using Command Line Interface.

Configuring username and password for Comware 5 on Command Line Interface (CLI)

  1.  Enter the command local-user to configure a username and password to add a user.
    This creates a username. For example, local-user scanuser1

  2. Assign password: password (simple/cipher/hash) <password>.
    For example: password simple ****
  3. Add service type to assign SSH access for the user.
    For example: service-type ssh.
  4. Add authorization attribute level 2 (config operator) required to run the command screen-length disable for loading full output of commands.
    For example: authorization-attribute level 2
  5. To verify the privileges, enter the command display local-user to check the list and search for the newly created scan account (for example - scanuser1).
    You can view the information as:

    Sample Output:

    The contents of local user scanuser1:
    State: Active
    ServiceType: ssh
    Access-limit: Disabled
    Current AccessNum: 1

     User-group: system:    		  
     Bind attributes:  
    Authorization attributes:  
      User Privilege:  2

 To configure HPE Comware 5,  the user privilege is to be at level 2 to scan & execute all commands.

Configuring username and password for Comware 7 on Command Line Interface (CLI)

  1.  Entering the command local-user <user-name> class manage to configure a username and password to add a user.
    This creates a username. For example, local-user scanuser1 class manage
  2.  Assign password: password (simple/cipher) <password>.
    For example: password simple ****
  3.  Add service type to assign SSH access for the user.
    For example: service-type ssh.
  4. Add the authorization attribute network-admin required to run the command 'screen-length disable' for loading the full output of commands.
    For example: authorization-attribute user-role network-admin
  5. To verify the privileges, enter the command display local-user to check the list and search for the newly created scan account (for example - scanuser1). You can view the information as:

    Sample Output:
    Device Management user scanuser1:
     
    State: Active
    ServiceType: SSH/Telnet/Terminal/HTTP/HTTPS
    User-group: system
    Current AccessNum: 1
    Bind attributes:  
    Authorization attributes:  
    Work directory: flash:  
    User role list: network-admin 2

 To configure HPE Comware 7,  the user role list to have the network-admin privilege to scan & execute all commands.

 

© 2026 Qualys, Inc. All rights reserved. Privacy Policy. Last updated: February, 2026