
Example: Configuring Access Privileges to Individual Operational Mode Commands

Configure permissions for individual operational mode commands:

[edit]
system {
    login {
        # This login class has operator privileges and the additional ability to
        # reboot the router.
        class operator-and-boot {
            permissions [ clear network reset trace view ];
            allow-commands "request system reboot";
        }
        # This login class has operator privileges but can't use any command that
        # begins with "set".
        class operator-no-set {
            permissions [ clear network reset trace view ];
            deny-commands "^set";
        }
        # This login class has operator privileges and can install software but not
        # view BGP information, and can invoke show route without specifying commands
        # or arguments under it.
        class operator-and-install-but-no-bgp {
            permissions [ clear network reset trace view ];
            allow-commands "(request system software add)|(show route)";
            deny-commands "show bgp";
        }
    }
}
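An added pre-commit check, not part of the original documentation: this Python script parses the three login classes above and reports which allow-commands or deny-commands statement matches each sample command. It assumes each pattern is applied as an unanchored regular-expression search on the typed command (approximated here with Python's `re.search`); the function names and sample commands are constructed for illustration, and the result should be confirmed on the device with a test login.

```python
import re

# The three login classes from the page, embedded so the script runs offline.
CONFIG = '''
class operator-and-boot {
    permissions [ clear network reset trace view ];
    allow-commands "request system reboot";
}
class operator-no-set {
    permissions [ clear network reset trace view ];
    deny-commands "^set";
}
class operator-and-install-but-no-bgp {
    permissions [ clear network reset trace view ];
    allow-commands "(request system software add)|(show route)";
    deny-commands "show bgp";
}
'''
CLASS_RE = re.compile(r'class\s+(\S+)\s*\{(.*?)\}', re.S)
STMT_RE = re.compile(r'(allow|deny)-commands\s+"([^"]*)"\s*;')

def parse_classes(text):
    """Return {class name: {"allow": [regex, ...], "deny": [regex, ...]}}."""
    classes = {}
    for name, body in CLASS_RE.findall(text):
        rules = {"allow": [], "deny": []}
        for kind, pattern in STMT_RE.findall(body):
            rules[kind].append(re.compile(pattern))
        classes[name] = rules
    return classes

def explain(classes, cls, command):
    """List the statements that match; none means the permission bits decide."""
    hits = [f"{kind}-commands" for kind in ("allow", "deny")
            if any(p.search(command) for p in classes[cls][kind])]
    return hits or ["permission-bits"]

# Constructed sample commands; the package path is a placeholder.
SAMPLES = ["request system reboot", "set cli timestamp", "show bgp summary",
           "show route", "show route detail",
           "request system software add /var/tmp/example.tgz"]

if __name__ == "__main__":
    parsed = parse_classes(CONFIG)
    for cls in parsed:
        for cmd in SAMPLES:
            print(f"{cls:32} {cmd:50} {', '.join(explain(parsed, cls, cmd))}")
```

Under the stated assumption, `show route detail` is reported as matching `(show route)`, so a pattern meant to cover only the bare command needs an explicit end anchor.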
