Mode: Configuration Mode


The require statement specifies which predefined JUNOS permissions class is required to execute the command. If more than one class listed, any of the classes is required (the list is treated as a logical OR). If permissions are not set on a particular command, the command inherits its permissions from its parent. This means that entire branches of the hierarchies can be controlled by a single command placed at the level from which control is desired.

These predefined permissions classes are valid:

	access			Can view access
	access-control		Can alter access
	admin			Can view user accounts
	admin-control		Can modify user accounts
	all			All view permission bits allowed
	clear			Can clear learned network information
	configure		Can enter configuration mode
	control			Can modify any configuration
	edit			Can edit full files
	field			Can use field debug commands
	firewall		Can view firewall settings
	firewall-control	Can modify firewall settings
	flow-tap		Can view flow-tap configuration
	flow-tap-control	Can modify flow-tap configuration
	flow-tap-operation	Can tap flows
	floppy			Can read and write the floppy
	interface		Can view interface configuration
	interface-control	Can modify interface configuration
	maintenance 		Can become the super-user
	network			Can access the network
	reset			Can reset and restart interfaces and processes
	rollback		Can roll back n > 0
	routing			Can view routing configuration
	routing-control		Can modify routing configuration
	secret			Can view secret statements
	secret-control		Can modify secret statements
	security		Can view security configuration
	security-control	Can modify security configuration
	shell			Can start a local shell
	snmp			Can view SNMP configuration
	snmp-control		Can modify SNMP configuration
	system			Can view system configuration
	system-control		Can modify system configuration
	trace			Can view trace file settings
	trace-control		Can modify trace file settings
	view			Can view current values and statistics
	view-configuration	Can view all configuration (not including secrets)

Permission classes named -control have both read and write permissions. The other classes, (which have the -control counterparts,) have read-only permission.

Regardless of any other permissions, configure permission must be set to enter configuration mode, and view permission must be set to use the show configuration command.


        object newbie {
            help "Newbie settings";

            attribute cellrate {
                help "Length of queue size";
                type uint;
                require wheel;


        newbie@router# show system
        login {
            class test-permission {
                permissions [ configure example-control view ];
            user newbie {
                uid 2000;
                class test-permission;
                authentication {
                    encrypted-password "$1$d.zTi3BY$duN."; ## SECRET-DATA
            user user {
                uid 1001;
                class super-user;
                authentication {
                    encrypted-password "skj12dlaksg"; ## SECRET-DATA


        Logged in as newbie:

        newbie@router# set example ?
        Possible completion:


        Logged in as user:

        user@router# set example ?
        Possible completions:
        > newbie               Newbie settings
        user@router# set example newbie cellrate 384

        user@router# show example
        newbie {
            cellrate 384;


Topics for further reading:

See also:

Reference (to programmers guide/style guide):

2007-2008 Juniper Networks, Inc. All rights reserved. The information contained herein is confidential information of Juniper Networks, Inc., and may not be used, disclosed, distributed, modified, or copied without the prior written consent of Juniper Networks, Inc. in an express license. This information is subject to change by Juniper Networks, Inc. Juniper Networks, the Juniper Networks logo, and JUNOS are trademarks of Juniper Networks, Inc.
Generated on Sun May 30 20:23:12 2010 for DDL Reference Guide by doxygen 1.4.5