Support User Manuals

Juniper Networks J-Series Network Router User Manual

Open as PDF

of 332

Table 7: Permission Bits for Login Classes (continued)

AccessPermission Bit

Can view general routing, routing protocol, and routing policy configuration information

and configure general routing (at the [edit routing-options] hierarchy level), routing

protocols (at the [edit protocols] hierarchy level), and routing policy (at the [edit

policy-options] hierarchy level).

routing-control

Can view passwords and other authentication keys in the configuration.

secret

Can view passwords and other authentication keys in the configuration and can modify

them in configuration mode.

secret-control

Can view security configuration in configuration mode and with the show configuration

operational mode command.

security

Can view and configure security information (at the [edit security] hierarchy level).security-control

Can start a local shell on the router by entering the start shell command.shell

Can view SNMP configuration information in configuration and operational modes.

snmp

Can view SNMP configuration information and configure SNMP (at the [edit snmp]

hierarchy level).

snmp-control

Can view system-level information in configuration and operational modes.

system

Can view system-level configuration information and configure it (at the [edit system]

hierarchy level).

system-control

Can view trace file settings in configuration and operational modes.

trace

Can view trace file settings and configure trace file properties.

trace-control

Can use various commands to display current systemwide, routing table, and

protocol-specific values and statistics.

view

Denying or Allowing Individual Commands

By default, all top-level CLI commands have associated access privilege levels. Users

can execute only those commands and view only those statements for which they

have access privileges. For each login class, you can explicitly deny or allow the use

of operational and configuration mode commands that are otherwise permitted or

not allowed by a permission bit.

Template Accounts

You use local user template accounts when you need different types of templates.

Each template can define a different set of permissions appropriate for the group of

users who use that template. These templates are defined locally on the Services

Router and referenced by the TACACS+ and RADIUS authentication servers.

User Authentication Overview ■ 7

Chapter 1: Managing User Authentication and Access

previous next