Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?




Hierarchy Level


Enable additive logic (that is, deny all by default / allow some as specified) to be used in regular expressions.

This statement changes the behavior of existing regular expressions so that all configuration hierarchies are denied by default and must be explicitly allowed using the allow-configuration-regexps statement.

For example, to grant users in a named user class access to a specific configuration hierarchy, but deny access to all other configuration hierarchies, enable the regex-additive-logic statement and configure an allow-configuration-regexps statement that includes the specific configuration hierarchy to which you want to allow access. When a user logs in, only the specified configuration hierarchy is visible.


By default, this statement is disabled; configuration hierarchies not explicitly denied with a deny-configuration-regexps statement are visible to the user.

Required Privilege Level

admin—To view this statement in the configuration.

admin-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 16.1.