Hide Navigation Pane
Show Navigation Pane
Feedback
Download
SHA1
Example: Configuring Access Privileges for Operational Mode Commands
The following example shows how to configure access privileges for different login classes for individual operational mode commands:
[edit]system {# This login class has operator privileges and the additional
ability
to reboot the router.login {# This login class has operator privileges and the additional ability to reboot the # router.class operator-and-boot {permissions [ clear network reset trace view ];allow-commands "request system reboot";}# This login class has operator privileges but can't use any commands beginning # with “set” .# This login class has operator privileges
but cannot use any commands beginning with “set” class operator-no-set {permissions [ clear network reset trace view ];deny-commands "^set";}# This login class has operator privileges and can install software but not view # BGP information, and can issue the show route command, without specifying # commands or arguments under it.class operator-and-install-but-no-bgp {permissions [ clear network reset trace view ];allow-commands "(request system software add)|(show route$)";deny-commands "show bgp";}}}
to reboot the router.login {# This login class has operator privileges and the additional ability to reboot the # router.class operator-and-boot {permissions [ clear network reset trace view ];allow-commands "request system reboot";}# This login class has operator privileges but can't use any commands beginning # with “set” .# This login class has operator privileges
but cannot use any commands beginning with “set” class operator-no-set {permissions [ clear network reset trace view ];deny-commands "^set";}# This login class has operator privileges and can install software but not view # BGP information, and can issue the show route command, without specifying # commands or arguments under it.class operator-and-install-but-no-bgp {permissions [ clear network reset trace view ];allow-commands "(request system software add)|(show route$)";deny-commands "show bgp";}}}
