Access Privilege User Permissions Flag Overview

Permission flags are used to grant a user access to operational commands and configuration statements. By specifying a specific permission flag on the user's login class at the [edit system login class] hierarchy level, you grant the user access to the corresponding commands and configuration statements. To grant access to all commands and configuration statements, use the all permission flag.

For permission flags that grant access to configuration statements, the flag grants read-only privilege to that configuration. For example, the interface permission flag grants read-only access to the [edit interfaces] hierarchy level. The -control form of the flag grants read-write access to that configuration. Using the preceding example, interface-control grants read-write access to the [edit interfaces] hierarchy level.

The following list includes permission flags that grant a specific set of access privileges. Each permission flag is listed with the operational commands and configuration statements for which that flag grants access.

Note: Each command listed represents that command and all subcommands with that command as a prefix. Each configuration statement listed represents the top of the configuration hierarchy to which that flag grants access.

• access
• admin
• clear
• configure
• firewall
• flow tap
• interface
• maintenance
• network
• pgcp-session-mirroring
• reset
• routing
• security
• shell
• snmp
• system
• trace
• view