Juniper Networks J-Series Network Router User Manual


 
Table 7: Permission Bits for Login Classes (continued)
AccessPermission Bit
Can view general routing, routing protocol, and routing policy configuration information
and configure general routing (at the [edit routing-options] hierarchy level), routing
protocols (at the [edit protocols] hierarchy level), and routing policy (at the [edit
policy-options] hierarchy level).
routing-control
Can view passwords and other authentication keys in the configuration.
secret
Can view passwords and other authentication keys in the configuration and can modify
them in configuration mode.
secret-control
Can view security configuration in configuration mode and with the show configuration
operational mode command.
security
Can view and configure security information (at the [edit security] hierarchy level).security-control
Can start a local shell on the router by entering the start shell command.shell
Can view SNMP configuration information in configuration and operational modes.
snmp
Can view SNMP configuration information and configure SNMP (at the [edit snmp]
hierarchy level).
snmp-control
Can view system-level information in configuration and operational modes.
system
Can view system-level configuration information and configure it (at the [edit system]
hierarchy level).
system-control
Can view trace file settings in configuration and operational modes.
trace
Can view trace file settings and configure trace file properties.
trace-control
Can use various commands to display current systemwide, routing table, and
protocol-specific values and statistics.
view
Denying or Allowing Individual Commands
By default, all top-level CLI commands have associated access privilege levels. Users
can execute only those commands and view only those statements for which they
have access privileges. For each login class, you can explicitly deny or allow the use
of operational and configuration mode commands that are otherwise permitted or
not allowed by a permission bit.
Template Accounts
You use local user template accounts when you need different types of templates.
Each template can define a different set of permissions appropriate for the group of
users who use that template. These templates are defined locally on the Services
Router and referenced by the TACACS+ and RADIUS authentication servers.
User Authentication Overview 7
Chapter 1: Managing User Authentication and Access