TechLibrary

Table of Contents

Guide That Contains This Content

[+] Expand All

[-] Collapse All

Junos OS Login Classes Overview

All users who can log in to the router or switch must be in a login class. With login classes, you define the following:

Access privileges that users have when they are logged in to the router or switch
Commands and statements that users can and cannot specify
How long a login session can be idle before it times out and the user is logged out

You can define any number of login classes and then apply one login class to an individual user account.

The Junos OS contains a few predefined login classes, which are listed in Table 1. The predefined login classes cannot be modified.

Login Class	Permission Flag Set
operator	clear, network, reset, trace, and view
read-only	view
superuser or super-user	all
unauthorized	None

You cannot modify a predefined login class name. If you issue the set command on a predefined class name, the Junos OS appends -local to the login class name. The following message also appears:
warning: '<class-name>' is a predefined class name; changing to '<class-name>-local'
You cannot issue the rename or copy command on a predefined login class. Doing so results in the following error message:
error: target '<class-name>' is a predefined class