Navigation
Table of Contents
Guide That Contains This Content
[+] Expand All
[-] Collapse All
Related Documentation
- EX Series
- Specifying Access Privileges for Junos OS Operational Mode Commands
- J Series
- Specifying Access Privileges for Junos OS Operational Mode Commands
- M Series
- Specifying Access Privileges for Junos OS Operational Mode Commands
- MX Series
- Specifying Access Privileges for Junos OS Operational Mode Commands
- PTX Series
- Specifying Access Privileges for Junos OS Operational Mode Commands
- QFX Series
- Specifying Access Privileges for Junos OS Operational Mode Commands
- T Series
- Specifying Access Privileges for Junos OS Operational Mode Commands
Example: Configuring Access Privileges for Operational Mode Commands
The following example shows how to configure access privileges for different login classes for individual operational mode commands:
[edit]
system {# This login class has operator privileges and the additional
ability
# to reboot the router.login {# This login class has operator privileges and the additional ability to reboot the # router or switch.class operator-and-boot {permissions [ clear network reset trace view ];allow-commands "request system reboot";}# This login class has operator privileges but can't use any commands beginning # with “set” .# This login class has operator privileges
# but cannot use any commands beginning with “set” class operator-no-set {permissions [ clear network reset trace view ];deny-commands "^set";}# This login class has operator privileges and can install software but not view # BGP information, and can issue the show route command, without specifying # commands or arguments under it.class operator-and-install-but-no-bgp {permissions [ clear network reset trace view ];allow-commands "(request system software add)|(show route$)";deny-commands "show bgp";}}}
# to reboot the router.login {# This login class has operator privileges and the additional ability to reboot the # router or switch.class operator-and-boot {permissions [ clear network reset trace view ];allow-commands "request system reboot";}# This login class has operator privileges but can't use any commands beginning # with “set” .# This login class has operator privileges
# but cannot use any commands beginning with “set” class operator-no-set {permissions [ clear network reset trace view ];deny-commands "^set";}# This login class has operator privileges and can install software but not view # BGP information, and can issue the show route command, without specifying # commands or arguments under it.class operator-and-install-but-no-bgp {permissions [ clear network reset trace view ];allow-commands "(request system software add)|(show route$)";deny-commands "show bgp";}}}
Related Documentation
- EX Series
- Specifying Access Privileges for Junos OS Operational Mode Commands
- J Series
- Specifying Access Privileges for Junos OS Operational Mode Commands
- M Series
- Specifying Access Privileges for Junos OS Operational Mode Commands
- MX Series
- Specifying Access Privileges for Junos OS Operational Mode Commands
- PTX Series
- Specifying Access Privileges for Junos OS Operational Mode Commands
- QFX Series
- Specifying Access Privileges for Junos OS Operational Mode Commands
- T Series
- Specifying Access Privileges for Junos OS Operational Mode Commands
