Check Levels

This scenario shows how to configure different user-levels for operational commands.

Lower Command User Level

Description

This example demonstrates how to lower the permissions needed to execute a specific operational command.

Scenario

Step 1: Set the following configuration in DUT0 :

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system login user teldat authentication encrypted-password '$6$qXczOLbWQASRCYH1$NfKsxlwLPetQOHIUzrhI5E87wTN6PXwOQO/L9E9gcOH2lz1ag4OXKrGxCEx.FX1T96cBonABvBVNv44C5zRV00'
set system login user teldat role monitor

Step 2: Run the command show running on DUT0 and check whether the output contains the following tokens:

Insufficient privileges

Show output

CLI Error: Insufficient privileges

Step 3: Login as admin user on DUT0:

admin@osdx

Step 4: Modify the following configuration lines in DUT0 :

set user-level 0 command 'show running'

Step 5: Run the command show running on DUT0 and expect the following output:

Show output

# Teldat OSDx VM version v4.2.10.0
# Tue 19 May 2026 15:24:58 +00:00
# Warning: Configuration has not been saved
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system login user teldat authentication encrypted-password '$6$qXczOLbWQASRCYH1$NfKsxlwLPetQOHIUzrhI5E87wTN6PXwOQO/L9E9gcOH2lz1ag4OXKrGxCEx.FX1T96cBonABvBVNv44C5zRV00'
set system login user teldat role monitor
set user-level 0 command 'show running'

Step 6: Login as admin user on DUT0:

admin@osdx

---

Raise Command User Level

Description

This example demonstrates how to raise the permissions needed to execute a specific operational command.

Scenario

Step 1: Set the following configuration in DUT0 :

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system login user teldat authentication encrypted-password '$6$zVmP3G5Od/weqNmX$fTDbm9sh8Y6ll7dk0mqpeT4hqtms2k3EcpcMoD1zsOo7spAuu3BBjnndplPPUNK/XazeQ7NtwGJGgoKm.K3mj0'
set system login user teldat role monitor

Step 2: Run the command system login show users on DUT0 and expect the following output:

Show output

NAME     LINE         TIME             COMMENT
teldat   ttyS0        2026-05-19 15:25

Step 3: Login as admin user on DUT0:

admin@osdx

Step 4: Modify the following configuration lines in DUT0 :

set user-level 15 command 'system login show users'

Step 5: Run the command show running on DUT0 and check whether the output contains the following tokens:

Insufficient privileges

Show output

CLI Error: Insufficient privileges

Step 6: Login as admin user on DUT0:

admin@osdx

---

Customize Multi-option Command

Description

This example demonstrates how to prohibit the use of some options in a specific operational command.

Scenario

Step 1: Set the following configuration in DUT0 :

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system login user teldat authentication encrypted-password '$6$/0VGv7xbwVtZwTlq$mWmmWmosLcI1bpBjjkyqQHQ5lttIwSHgZsMgrxFyvSH9HQovJt.UuHLCoLxFn.q9vJRXA3aWs9IyHl5NRjXNt/'
set system login user teldat role monitor

Step 2: Run the command system conntrack show protocol tcp on DUT0 and expect the following output:

Show output

conntrack v1.4.7 (conntrack-tools): 0 flow entries have been shown.

Step 3: Login as admin user on DUT0:

admin@osdx

Step 4: Modify the following configuration lines in DUT0 :

set user-level 15 command 'system conntrack show protocol <txt>'

Step 5: Run the command system conntrack show protocol tcp on DUT0 and check whether the output contains the following tokens:

Insufficient privileges

Show output

CLI Error: Insufficient privileges

Step 6: Login as admin user on DUT0:

admin@osdx

---

Customize File Pipe Command

Description

This example demonstrates how to lower the permissions needed to execute both the file pipe and the operational command.

Scenario

Step 1: Set the following configuration in DUT0 :

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system login user teldat authentication encrypted-password '$6$7hFkOyy6jgQGsuxx$GUm/t1lf6kdnWYo.kgxJQz4GfHvd9zEQQalwmqmlYcC8hDlFEZ262RE9LxmOt3nkh0MCsCQOD5gXsgY3JxOfz0'
set system login user teldat role monitor

Step 2: Run the command system login show users | file on DUT0 and expect the following output:

Show output

Command's output saved under "support/system_login_show_users_2026-05-19-152529"
Filesize: 153.000 B

Step 3: Login as admin user on DUT0:

admin@osdx

Step 4: Modify the following configuration lines in DUT0 :

set user-level 10 command file

Step 5: Run the command system login show users | file on DUT0 and check whether the output contains the following tokens:

Insufficient privileges

Show output

CLI Error: Insufficient privileges to use 'file' pipe
CLI Error: Command error

Step 6: Login as admin user on DUT0:

admin@osdx

---