Check Levels

This scenario shows how to configure different user-levels for operational commands.

Lower Command User Level

Description

This example demonstrates how to lower the permissions needed to execute a specific operational command.

Scenario

Step 1: Set the following configuration in DUT0:

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system login user teldat authentication encrypted-password '$6$H67bH7uVevNZTmaB$IFeOP/u/6vT20ThbrCjvn/mvhoFBz3snwX2Pt1b8oUDzoaArcyXNTyBUxyRzUFtFiHcvMsJwACgEQy8u/VQg8/'
set system login user teldat role monitor

Step 2: Run command show running at DUT0 and check if output contains the following tokens:

Insufficient privileges

Step 3: Login as admin user on DUT0.

Step 4: Modify the following configuration lines in DUT0:

set user-level 0 command 'show running'

Step 5: Run command show running at DUT0 and expect this output:

Step 6: Login as admin user on DUT0.

Raise Command User Level

Description

This example demonstrates how to raise the permissions needed to execute a specific operational command.

Scenario

Step 1: Set the following configuration in DUT0:

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system login user teldat authentication encrypted-password '$6$cpe/df5wqH9khJ5a$rKZjkBYlKWEEJNlNnGvx2fWqwQTN8ejcqjwN4F1np0S3ugnxwfeOnNpe.augIGSKthde5CLg1wO1N59FTIC9..'
set system login user teldat role monitor

Step 2: Run command system login show users at DUT0 and expect this output:

Step 3: Login as admin user on DUT0.

Step 4: Modify the following configuration lines in DUT0:

set user-level 15 command 'system login show users'

Step 5: Run command show running at DUT0 and check if output contains the following tokens:

Insufficient privileges

Step 6: Login as admin user on DUT0.

Customize Multi-option Command

Description

This example demonstrates how to prohibit the use of some options in a specific operational command.

Scenario

Step 1: Set the following configuration in DUT0:

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system login user teldat authentication encrypted-password '$6$43IVSAIpeErH5/PV$StLN55YSvWnEFhcSx0zUAbooPxfnFOvW8KQ7./pOKJLMY5kSm5pUY0WKeSuwgfa2vinlmuzPwhMk8iFxI1ERu0'
set system login user teldat role monitor

Step 2: Run command system conntrack show protocol tcp at DUT0 and expect this output:

Step 3: Login as admin user on DUT0.

Step 4: Modify the following configuration lines in DUT0:

set user-level 15 command 'system conntrack show protocol <txt>'

Step 5: Run command system conntrack show protocol tcp at DUT0 and check if output contains the following tokens:

Insufficient privileges

Step 6: Login as admin user on DUT0.

Customize File Pipe Command

Description

This example demonstrates how to lower the permissions needed to execute both the file pipe and the operational command.

Scenario

Step 1: Set the following configuration in DUT0:

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system login user teldat authentication encrypted-password '$6$at2TvzAiuz3/zAqk$SPV.2/JnN4O7g67cx3OsL6Gk0.wK2ytRYuJy5Bd00M1VbACJ1fY2Iu/fZEh52ST40ElnXrve1BeQQa3qPmqXA1'
set system login user teldat role monitor

Step 2: Run command system login show users | file at DUT0 and expect this output:

Step 3: Login as admin user on DUT0.

Step 4: Modify the following configuration lines in DUT0:

set user-level 10 command file

Step 5: Run command system login show users | file at DUT0 and check if output contains the following tokens:

Insufficient privileges

Step 6: Login as admin user on DUT0.