Junos OS Login Classes Overview
All users who can log in to the router must be in a login class. With login classes, you define the following:
- Access privileges users have when they are logged in to the router
- Commands and statements that users can and cannot specify
- How long a login session can be idle before it times out and the user is logged out
You can define any number of login classes and then apply one login class to an individual user account.
The Junos OS contains a few predefined login classes, which are listed in Table 1. The predefined login classes cannot be modified.
Table 1: Default System Login Classes
| Login Class | Permission Flag Set |
|---|---|
| operator | clear, network, reset, trace, view |
| read-only | view |
| super-user | all |
| unauthorized | None |
Note: You cannot modify a predefined login class name. If you issue the set command on a predefined class name, the Junos OS will append -local to the login class name. The following message also appears: warning: '<class-name>' is a predefined class name; changing to '<class-name>-local'

Note: You cannot issue the rename or copy command on a predefined login class. Doing so results in the following error message: error: target '<class-name>' is a predefined class
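The following configuration is an added example, not part of the original page, showing a custom login class that sets all three things a login class defines (permission flags, denied commands, and an idle timeout) and is then applied to a user account. The class name noc-tier1 and the user name alice are hypothetical, and the user's authentication statement is omitted.

```junos
system {
    login {
        /* Hypothetical custom class; predefined class names cannot be reused as-is. */
        class noc-tier1 {
            /* Log the user out after 15 minutes of inactivity. */
            idle-timeout 15;
            /* Narrower than the predefined operator class: no clear or reset. */
            permissions [ network trace view ];
            /* The network flag permits ssh and telnet from the router;
               deny them so the account cannot open outbound sessions. */
            deny-commands "(ssh .*)|(telnet .*)";
        }
        /* Hypothetical user; each user account gets exactly one login class. */
        user alice {
            class noc-tier1;
        }
    }
}
```

Running show configuration system login after commit displays the class and the user assignment, which is a quick way to confirm that no account is left on a broader class than intended.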

