[Contents] [Prev] [Next] [Index] [Report an Error]

Example 1: Defining Access Privileges to Individual Operational Mode Commands

The following examples define user access privileges to individual operational mode commands.

If the following statement is included in the configuration and the user does not have the configure login class permission bit, the user can enter configuration mode:

[edit system login class class-name]
user@host# set allow-commands configure

If the following statement is included in the configuration and the user does not have the configure login class permission bit, the user can enter configuration exclusive mode:

[edit system login class class-name]
user@host# set allow-commands "configure exclusive"

Note: You cannot use runtime variables. In the following example, the runtime variable 1.2.3.4 cannot be used:

[edit system login class class-name]
user@host# set deny-commands "show bgp neighbor 1.2.3.4"

[Contents] [Prev] [Next] [Index] [Report an Error]

Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice.