
Example 2: Configuring Access Privileges to Individual Operational Mode Commands

Configure permissions for individual operational mode commands:

[edit]
system {
    login {
        # This login class has operator privileges and the additional ability to reboot the
        # router.
        class operator-and-boot {
            permissions [ clear network reset trace view ];
            allow-commands "request system reboot";
        }
        # This login class has operator privileges but can't use any commands beginning
        # with "set".
        class operator-no-set {
            permissions [ clear network reset trace view ];
            deny-commands "^set";
        }
        # This login class has operator privileges and can install software but not view
        # BGP information, and can issue the show route command, without specifying
        # commands or arguments under it.
        class operator-and-install-but-no-bgp {
            permissions [ clear network reset trace view ];
            allow-commands "(request system software add)|(show route$)";
            deny-commands "show bgp";
        }
    }
}
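
The following Python sketch is an added example, not part of the Junos documentation. It extracts the allow-commands and deny-commands expressions from the three classes above and reports which of them match a set of constructed command strings, making the effect of the ^ and $ anchors visible. It assumes unanchored search semantics approximated with Python's re module, and it does not model permission flags or how Junos resolves a command matched by both statements.

```python
import re

# Constructed copy of the three login classes from the example above.
CONFIG = '''
class operator-and-boot {
    permissions [ clear network reset trace view ];
    allow-commands "request system reboot";
}
class operator-no-set {
    permissions [ clear network reset trace view ];
    deny-commands "^set";
}
class operator-and-install-but-no-bgp {
    permissions [ clear network reset trace view ];
    allow-commands "(request system software add)|(show route$)";
    deny-commands "show bgp";
}
'''

def parse_classes(text):
    """Return {class_name: {statement_name: pattern}} for allow/deny statements."""
    classes, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r'class\s+(\S+)\s*\{', line)
        if m:
            current = classes.setdefault(m.group(1), {})
            continue
        m = re.match(r'(allow-commands|deny-commands)\s+"(.*)";', line)
        if m and current is not None:
            current[m.group(1)] = m.group(2)
    return classes

def matching_statements(cls, command):
    """List the statements of one class whose expression matches the command.

    Assumption: unanchored search, approximated with Python's re module.
    """
    return [stmt for stmt, pat in sorted(cls.items()) if re.search(pat, command)]

if __name__ == "__main__":
    # Constructed sample commands; the package path is a placeholder.
    samples = ["show route", "show route protocol bgp", "show bgp summary",
               "set cli timestamp", "request system software add /var/tmp/pkg.tgz"]
    for name, cls in parse_classes(CONFIG).items():
        for cmd in samples:
            print(f"{name:34} {cmd:46} {matching_statements(cls, cmd)}")
```

In the output, "show route protocol bgp" matches neither expression of the third class: the $ anchor keeps the allow expression from covering arguments after "show route", and the literal "show bgp" does not occur in that command string.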
