Denying or allowing individual commands, Template accounts – Juniper Networks J-Series User Manual

Table 7: Permission Bits for Login Classes (continued)

| Permission Bit | Access |
|---|---|
| routing-control | Can view general routing, routing protocol, and routing policy configuration information and configure general routing (at the [edit routing-options] hierarchy level), routing protocols (at the [edit protocols] hierarchy level), and routing policy (at the [edit policy-options] hierarchy level). |
| secret | Can view passwords and other authentication keys in the configuration. |
| secret-control | Can view passwords and other authentication keys in the configuration and can modify them in configuration mode. |
| security | Can view security configuration in configuration mode and with the show configuration operational mode command. |
| security-control | Can view and configure security information (at the [edit security] hierarchy level). |
| shell | Can start a local shell on the router by entering the start shell command. |
| snmp | Can view SNMP configuration information in configuration and operational modes. |
| snmp-control | Can view SNMP configuration information and configure SNMP (at the [edit snmp] hierarchy level). |
| system | Can view system-level information in configuration and operational modes. |
| system-control | Can view system-level configuration information and configure it (at the [edit system] hierarchy level). |
| trace | Can view trace file settings in configuration and operational modes. |
| trace-control | Can view trace file settings and configure trace file properties. |
| view | Can use various commands to display current systemwide, routing table, and protocol-specific values and statistics. |

Denying or Allowing Individual Commands

By default, all top-level CLI commands have associated access privilege levels. Users
can execute only those commands and view only those statements for which they
have access privileges. For each login class, you can explicitly deny or allow
individual operational and configuration mode commands, overriding what the
class's permission bits would otherwise permit or disallow.

Template Accounts

You use local user template accounts when you need different types of templates.
Each template can define a different set of permissions appropriate for the group of
users who use that template. These templates are defined locally on the Services
Router and referenced by the TACACS+ and RADIUS authentication servers.
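
The following audit sketch is an added example, not part of the Juniper manual. It scans a configuration in "set" format for login classes that grant the shell, secret, or secret-control bits from Table 7, checks whether a deny-commands expression removes start shell again, and lists the local accounts (template accounts included) that inherit each class. The class and user names and the sample configuration are constructed. The set system login ... permissions and deny-commands statement names are Junos syntax that this page does not show, and the choice of which bits count as sensitive is an assumption.

```python
import re
import shlex

# Bits from Table 7 that this example treats as sensitive (an assumption).
SENSITIVE = {"shell", "secret", "secret-control"}

# Constructed sample configuration in Junos "set" format.
SAMPLE = r'''
set system login class noc permissions [ view trace snmp ]
set system login class ops permissions [ view system shell ]
set system login class ops deny-commands "(start shell)|(request system halt)"
set system login class sec permissions [ view secret-control shell ]
set system login user remote class noc
set system login user tmpl-sec class sec
'''

def parse(config):
    """Return ({class: {"bits": set, "deny": [regex]}}, {user: class})."""
    classes, users = {}, {}
    for line in config.splitlines():
        tok = shlex.split(line)
        if len(tok) < 7 or tok[:3] != ["set", "system", "login"]:
            continue
        kind, name, stmt, args = tok[3], tok[4], tok[5], tok[6:]
        if kind == "class":
            entry = classes.setdefault(name, {"bits": set(), "deny": []})
            if stmt == "permissions":
                entry["bits"].update(a for a in args if a not in ("[", "]"))
            elif stmt == "deny-commands":
                entry["deny"].extend(args)
        elif kind == "user" and stmt == "class":
            users[name] = args[0]
    return classes, users

def audit(config):
    """List classes granting sensitive bits, with the accounts that use them."""
    classes, users = parse(config)
    findings = []
    for name in sorted(classes):
        bits = sorted(classes[name]["bits"] & SENSITIVE)
        if not bits:
            continue
        # Python's re stands in for the router's regex matching (approximation).
        denied = any(re.search(rx, "start shell") for rx in classes[name]["deny"])
        findings.append({"class": name, "bits": bits,
                         "start_shell_denied": denied,
                         "users": sorted(u for u, c in users.items() if c == name)})
    return findings
```

Calling audit(SAMPLE) reports the ops class (shell bit granted, start shell denied again) and the sec class (secret-control and shell granted with no deny, inherited by tmpl-sec), and leaves noc unreported.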

User Authentication Overview

Chapter 1: Managing User Authentication and Access