Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


About the Roles Page

You are here: Device Administration > Users & Roles > Roles.

J-Web supports users’ authentication and authorization based on their roles. When root, tenant, or logical-system users log in to J-Web, their roles and access permissions determine the J-Web menus they can access and the tasks they can perform. For logical system and tenant users, the J-Web UI does not display menus for the restricted features.

Table 1 lists the details of the user role type, role scope, and access privilages.

Table 1: User Role Type, Role Scope, and Access Privilages
User Details Description
Role Type

Predefined roles

System-defined roles with a set of predefined access privileges assigned to a user to perform tasks within the J-Web UI. During Junos OS installation, predefined roles (super-user) are generated in the system.


A device-read-only role is a J-Web specific read-only predefined role. User with this role assigned can only view all the device details in the J-Web UI.

Custom roles

Customized (user-defined) roles with a set of access privileges assigned to a user to perform tasks within the J-Web UI. This includes the J-Web UI main menu and first-level sub-menu items (for example, Monitor, Device Administration, and Commit Configuration).

  • Users can only create roles if they are user administrators or super administrators, or if they have the create role permission.

  • You can only create, edit, or delete a customized role but not the predefined roles.

  • To view the CLI configuration changes before you commit the newly created role, select the role on the Roles page and click Commit> View Configuration Changes. The View Configuration Changes window displays which menus are read-only and hidden, allowed and denied configurations, and for which you have permissions.

Role Scope—A role scope defines the capabilities of the user.

The role scope option is only available on the SRX Series Firewalls that support multi-tenancy.


Users who are assigned with this role scope can view, configure, and manage root logical systems.


Users who are assigned with this role scope view, configure, and manage tenant system.

Logical System

Users who are assigned with this role scope view, configure, and manage logical system.

Access Privileges—A user role can be assigned with the access privileges and actions to access J-Web UI menus and sub-menus.

Full access

Users can perform all the menu actions.

Read-only access

Users have view-only permissions for the respective menus.

No access

Users do not have permission to perform the action.

Tasks You Can Perform

You can perform the following tasks from the Roles page:

  • Associate a role to users. To do this, click Users link available below the Roles page title to directly navigate to the Users page. Then, click + to add a new user with a role or select the existing user and click the pencil icon to modify the role. For more information, see Create a User.

  • View the details of a role. To do this, select an existing role and follow the available options:

    • Click More and select Detailed View.

    • Right-click on the selected role and select Detailed View.

    • Hover over to the left of the selected role name and click the Detailed View icon.

  • Create a role. See Create a Role.

  • Edit a role. See Edit a Role.

  • Delete a role. See Delete a Role.

  • Show or hide columns in the Roles table. To do this, click the Show Hide Columns icon in the top right corner of the Roles table. Then, select the options you want to view or clear the options you want to hide on the page.

  • Advance search for roles. To do this, use the search text box present above the table grid. The search includes the logical operators as part of the filter string. In the search text box, when you hover over the icon, it displays an example filter condition. When you start entering the search string, the icon indicates whether the filter string is valid or not.


    You can search only by role name.

    For an advanced search:

    1. Enter the search string in the text box.

    2. Select a value from the list and then select a valid operator based on which you want to perform the advanced search operation.


      Press Spacebar to add an AND operator or OR operator to the search string. Press backspace at any point of time while entering a search criteria, only one character is deleted.

    3. Press Enter to display the search results in the grid.

Field Descriptions

Table 2 describes the fields on the Roles page.

Table 2: Fields on the Roles Page




Displays the name of the role.

Role Scope

Displays the role scope. For example, Default, Tenant:<tenant-name>, and Logical System:<logical-system name>.


This option is only available on the SRX Series Firewalls that support multi-tenancy.


Displays whether the role is a predefined role or a custom role.