Permissions and Junos Scope Feature Access Privileges

Table 7 describes the authorization that a user group needs to perform Junos Scope software tasks and access devices on the network that have been configured for element management.

Users with none permission can view the same Junos Scope operations as a user with read-only permission. The difference is that users with none permission cannot see or access any devices.

Table 7: Junos Scope User Group Permissions and Access Privileges

Junos Scope Operation

Superuser

Read-Write

Read-Only

None

Comments

Installation

Install, reinstall, upgrade, or downgrade Junos Scope software

X

The Junos Scope software installation is performed by the application installer.

Upgrade Junos Scope from a previous release

If the installer upgrades the Junos Scope software from an earlier version, existing users are assign to one of the three predefined user groups (administrator, read-write user, and read-only user), based on their existing permission level. In other words, users with superuser permission are put into the administrator user group; users with read-write permission are put to the read-write user group; and users with read-only permission are put into the read-only user group.

Looking Glass

Query

X

X

X

X

Superuser, read-write, or read-only permission is required to access Looking Glass. Looking Glass reports require read-write or read-only permissions to a selected device. When a user, under a given user group, runs a query, the Device list is populated only with devices with read or read-write access.

Configuration Manager

Configuration Browser

X

X

X

X

Superuser, read-write, or read-only permission is required for a user to browse a device configuration. Read-write or read-only permission is required for a user to browse a device configuration. The Device drop-down list box is populated only with devices with read-write or read-only access.

Configuration Editor

X

X

Superuser or read-write is required for a user to edit a device configuration. Read-write permission is required for a user to edit a device configuration. The Device drop-down list box is populated only with devices with read-write access.

Archive

X

X

Superuser or read-write permission is required for a user in a user group to archive a configuration in the Junos Scope repository. The Group and Select Device(s) drop-down list boxes are populated only with groups or devices with read-write access.

Archive Tag

X

X

Superuser or read-write permission is required to use Archive Tags. The Selected Device(s) drop-down list box is populated only with devices with read-write access. The group drop-down list box is populated with device groups with read-write access.

Audit Configurations

X

X

Superuser or read-write permission is required to use Audit Configurations. The Selected Device(s) drop-down list box is populated only with devices with read-write access. The group drop-down list box is populated with device groups with read-write access.

Audit Partial Configuration

X

X

Superuser or read-write permission is required to use Audit Partial Configurations. The Select Device(s) drop-down list box is populated only with devices with read-write access. The group drop-down list box is populated with device groups with read-write access.

Import

X

X

Superuser or read-write permission is required for a user to import a configuration into the Junos Scope repository. Importing a configuration does not have any association with a device, therefore the user group requirement for import is read-write access for any device.

Compare

X

X

X

X

Superuser, read-write, or read-only permission is required for a user to compare configuration file versions in the Junos Scope repository. The Device drop-down list box is populated only with devices with read-write or read-only access.

Display

X

X

X

Superuser or read-write permission is required for a user to view a configuration file in the Junos Scope repository. The Device drop-down list box is populated only with devices with read-write or read-only access.

Transfer on Commit

X

X

-

-

Superuser or read-write permission is required to use Transfer on Commit. The Selected Device(s) drop-down list box is populated only with devices with read-write access. The group drop-down list box is populated with device groups with read-write access.

Config Associations

X

X

-

-

Superuser or read-write permission is required to use Config Associations. The Selected Device(s) drop-down list box is populated only with devices with read-write access. The group drop-down list box is populated with device groups with read-write access.

Restore

X

X

Superuser or read-write permission is required to restore a device configuration. The Device drop-down is populated only with devices with read-write access.

Load Configuration

X

X

Read-write permission is required for a user to deploy an imported configuration file to multiple routers and perform a simultaneous update of configurations on these devices. The Select Device(s) drop-down list box is populated only with devices with read-write access. The group drop-down list box is populated with device groups with read-write access.

Delete

X

X

Superuser or read-write permission is required to delete an imported configuration file. The name column lists the imported configuration files in the CVS repository.

Edit

X

X

Superuser or read-write permission is required to edit a configuration file. The Configuration File drop-down list box lists archived configuration files and the Device drop-down list box lists the devices from which the configuration file has been archived.

Save

X

X

Superuser or read-write permission is required to save a configuration file to a local machine. The Configuration File drop-down list box lists archived configuration files and the Device drop-down list box lists the devices from which the configuration file has been archived.

Scripts

X

X

Superuser or read-write permission is required to manage Junos OS-based scripts. Junos OS-based scripts such as commit scripts, operation (op) scripts, and event scripts can be imported into the Junos Scope CVS repository from the local file system and deployed to a group of routers.You can also view, edit, compare, and disable these scripts.

Inventory Management

     

Scan

X

X

Superuser or read-write permission is required to scan a device for inventory. The Group and the Select Device(s) drop-down list box is populated only with groups or devices with read-write access.

Reports > Inventory

X

X

X

X

Superuser, read-write, ore read-only permission is required to view inventory reports. The Device drop-down list box in the Search and Advanced Query dialog boxes are limited to those devices with read or read-write access. In the Custom Report page, only those reports created by users in the same user group are visible. Read-only users cannot save or delete custom reports.

Reports > Demo

X

X

X

X

Superuser, read-write, ore read-only permission is required to view Demo reports. Read-only users cannot save or delete custom reports.

Repository > Schedule

X

X

Superuser or read-write permission is required.

Repository > View

X

X

Superuser or read-write permission is required.

Software Management

Images

X

Device read-write access is required for users in a user group to perform operations, including image import, download, install, and delete.

Monitor

Operations

X

X

X

X

Only those operations scheduled by users in the same user group are visible. Users in the Administrator user group can view all operations. Read-only users cannot delete operations.

Status

X

X

X

X

The Group and Selected Device drop-down list boxes are limited to those devices with read-only or read-write access. Even when All Devices is selected, a subset of the device operation status is shown, based on the user group. Users in the administrator user group can view all status.

Audit Log

X

Users in the administrator user group can only view Audit Log events.

Purge

X

Users in the administrator user group can purge Status records and Audit Log events.

Settings

Authentication Information

X

Only users in the administrator user group can view this page.

Access Methods

X

Only users in the administrator user group can view this page.

Devices

X

Only users in the administrator user group can view this page.

Groups

X

Only users in the administrator user group can view this page.

Labels

X

Only users in the administrator user group can view this page.

Schedules

X

Only users in the administrator user group can view this page.

Users > Local Authentication

X

Only users in the administrator user group can view this page.

Users > User Group Authorization

X

Only users in the administrator user group can view this page.

User > Authentication Policy > Global Authentication

X

Only users in the administrator user group can view this page.

User > Authentication Policy > User Authentication Policy

X

Only users in the administrator user group can view this page.

RADIUS Configuration

X

Only users in the administrator user group can view this page.

Import/Export Data

X

Only users in the administrator user group can view this page.

Saved Operations

X

X

Only those operations saved by users in the same user group are visible in the Available Operations list box, in the Add Compound Operations dialog box.