Check Levels

This scenario shows how to configure different user-levels for operational commands.

Lower Command User Level

Description

This example demonstrates how to lower the permissions needed to execute a specific operational command.

Scenario

Step 1: Set the following configuration in DUT0:

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system login user teldat authentication encrypted-password '$6$ykmeN0mKJBeGLmj5$N6XvNAqVHftCss5QORmP0byRDmoxeoOOOBcfCa7xVTI0qHAwGpJ6ouKYtHqtiqK21kmuo5o0jbeBbVaVRz81a1'
set system login user teldat role monitor

Step 2: Run command show running at DUT0 and check if output contains the following tokens:

Insufficient privileges

Step 3: Login as admin user on DUT0.

Step 4: Modify the following configuration lines in DUT0:

set user-level 0 command 'show running'

Step 5: Run command show running at DUT0 and expect this output:

Step 6: Login as admin user on DUT0.

Raise Command User Level

Description

This example demonstrates how to raise the permissions needed to execute a specific operational command.

Scenario

Step 1: Set the following configuration in DUT0:

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system login user teldat authentication encrypted-password '$6$NbZv4vSH8Qz8c0SD$7W8L5IKM2ayYLFUNWBrE0OYMZv/ua8f/X4erSuK3YPXeBOyLOYLinklYlwZU0j5Ht4Jk8c/VL2usmXLxf/jLh.'
set system login user teldat role monitor

Step 2: Run command system login show users at DUT0 and expect this output:

Step 3: Login as admin user on DUT0.

Step 4: Modify the following configuration lines in DUT0:

set user-level 15 command 'system login show users'

Step 5: Run command show running at DUT0 and check if output contains the following tokens:

Insufficient privileges

Step 6: Login as admin user on DUT0.

Customize Multi-option Command

Description

This example demonstrates how to prohibit the use of some options in a specific operational command.

Scenario

Step 1: Set the following configuration in DUT0:

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system login user teldat authentication encrypted-password '$6$ibIfzpavbNWsqpD8$hX/7RpqhTvwxmCBu/61Do/GWsyG97gQWUG7c6PqpEFVVYHfrcAOTWsuFI56hS8lY4tJGYUHKqhv9BSpWa9r1/0'
set system login user teldat role monitor

Step 2: Run command system conntrack show protocol tcp at DUT0 and expect this output:

Step 3: Login as admin user on DUT0.

Step 4: Modify the following configuration lines in DUT0:

set user-level 15 command 'system conntrack show protocol <txt>'

Step 5: Run command system conntrack show protocol tcp at DUT0 and check if output contains the following tokens:

Insufficient privileges

Step 6: Login as admin user on DUT0.

Customize File Pipe Command

Description

This example demonstrates how to lower the permissions needed to execute both the file pipe and the operational command.

Scenario

Step 1: Set the following configuration in DUT0:

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system login user teldat authentication encrypted-password '$6$psWAUA.JegVw8T3j$rM0MnNXu/9BGjqGZnnXQ7otAb8YbOZWPvSkRSWT.cKqPSyzJf4LrTcoL8ROLRlASgwfRPzkl8os0dH42wEc23.'
set system login user teldat role monitor

Step 2: Run command system login show users | file at DUT0 and expect this output:

Step 3: Login as admin user on DUT0.

Step 4: Modify the following configuration lines in DUT0:

set user-level 10 command file

Step 5: Run command system login show users | file at DUT0 and check if output contains the following tokens:

Insufficient privileges

Step 6: Login as admin user on DUT0.