[an error occurred while processing this directive][an error occurred while processing this directive]

Example: Defining Access Privileges for Configuration Mode Commands

The following examples show how to configure access privileges for individual configuration mode commands.

If the following statement is included in the configuration and the user’s login class permission bit is set to all, the user cannot configure telnet parameters:

[edit system login class class-name]user@host# set deny-configuration "system services telnet"

If the following statement is included in the configuration and the user’s login class permission bit is set to all, the user cannot issue login class commands within any login class whose name begins with “m”:

[edit system login class class-name]user@host# set deny-configuration "system login class m.*"

If the following statement is included in the configuration and the user’s login class permission bit is set to all, the user cannot issue configuration mode commands at the login class or system services hierarchy levels:

[edit system login class class-name]user@host# set deny-configuration "(system login class) | (system services)"

The following example shows how to configure permissions for individual configuration mode commands:

[edit]system {login { # This login class has operator privileges and the additional ability to issue# commands at the system services hierarchy level.class only-system-services {permissions [ configure ];allow-configuration "system services";}# services commands.class all-except-system-services { # This login class has operator privileges but # cannot issue any system services commands.permissions [ all ];deny-configuration "system services";}}}

Published: 2010-04-26

[an error occurred while processing this directive]