Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?





Hierarchy Level

Release Information

Statement introduced in Junos OS Release 11.2.


Explicitly allow configuration access to specified hierarchies using regular expressions even if the permissions set with the permissions statement allow that access.

The statement deny-configuration-regexps takes precedence if it is used in the same login class definition.


The allow/deny-configuration and allow/deny-configuration-regexps statements are mutually exclusive and cannot be configured together for a login class. At a given point in time, a login class can include either the allow/deny-configuration statement, or the allow/deny-configuration-regexps statement. If you have existing configurations using the allow/deny-configuration statements, using the same configuration options with the allow/deny-configuration-regexps statements might not produce the same results, as the search and match methods differ in the two forms of these statements.


If you do not configure this statement or the deny-configuration-regexps statement, users can edit only those commands for which they have access privileges set with the permissions statement.


regular expression—Extended (modern) regular expression as defined in POSIX 1003.2. If the regular expression contains any spaces, operators, or wildcard characters, enclose it in quotation marks. Enter as many expressions as needed..

Required Privilege Level

admin—To view this statement in the configuration.

admin-control—To add this statement to the configuration.