[an error occurred while processing this directive][an error occurred while processing this directive]

Example: Configuring Access Privileges for Operational Mode Commands

The following example shows how to configure access privileges for different login classes for individual operational mode commands:

[edit]system {# This login class has operator privileges and the additional ability
to reboot the router.
login {# This login class has operator privileges and the additional ability to reboot the # router.class operator-and-boot {permissions [ clear network reset trace view ];allow-commands "request system reboot";}# This login class has operator privileges but can't use any commands beginning # with “set” .# This login class has operator privileges
but cannot use any commands beginning with “set”
class operator-no-set {permissions [ clear network reset trace view ];deny-commands "^set";}
# This login class has operator privileges and can install software but not view # BGP information, and can issue the show route command, without specifying # commands or arguments under it.class operator-and-install-but-no-bgp {permissions [ clear network reset trace view ];allow-commands "(request system software add)|(show route$)";deny-commands "show bgp";}}
}

Published: 2010-04-26

[an error occurred while processing this directive]