Check Levels

This scenario shows how to configure different user-levels for operational commands.

Lower Command User Level

Description

This example demonstrates how to lower the permissions needed to execute a specific operational command.

Scenario

Step 1: Set the following configuration in DUT0 :

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system login user teldat authentication encrypted-password '$6$f.DEyEdbIl6vtORf$cnNZuOlpiYdPhzQhyPog3uEljsSCdHBSrHsQWnjlT8K5LUc97hqz11mZy1UnsNmjAEGcJowo29g.P4Du1D7lJ1'
set system login user teldat role monitor

Step 2: Run the command show running on DUT0 and check whether the output contains the following tokens:

Insufficient privileges

Show output

CLI Error: Insufficient privileges

Step 3: Login as admin user on DUT0:

admin@osdx

Step 4: Modify the following configuration lines in DUT0 :

set user-level 0 command 'show running'

Step 5: Run the command show running on DUT0 and expect the following output:

Show output

# Teldat OSDx VM version v4.2.10.1
# Wed 03 Jun 2026 12:23:18 +00:00
# Warning: Configuration has not been saved
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system login user teldat authentication encrypted-password '$6$f.DEyEdbIl6vtORf$cnNZuOlpiYdPhzQhyPog3uEljsSCdHBSrHsQWnjlT8K5LUc97hqz11mZy1UnsNmjAEGcJowo29g.P4Du1D7lJ1'
set system login user teldat role monitor
set user-level 0 command 'show running'

Step 6: Login as admin user on DUT0:

admin@osdx

---

Raise Command User Level

Description

This example demonstrates how to raise the permissions needed to execute a specific operational command.

Scenario

Step 1: Set the following configuration in DUT0 :

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system login user teldat authentication encrypted-password '$6$Iy.r.oxJ1HjkK38k$gdC8sC9d10hiv1bF98dPYGBaMLQNodEuv5mYgmm1.XNPk7YChtBMgN/cyMALqqEMayLik56WFgbPmGNaNWHS5/'
set system login user teldat role monitor

Step 2: Run the command system login show users on DUT0 and expect the following output:

Show output

NAME     LINE         TIME             COMMENT
teldat   ttyS0        2026-06-03 12:23

Step 3: Login as admin user on DUT0:

admin@osdx

Step 4: Modify the following configuration lines in DUT0 :

set user-level 15 command 'system login show users'

Step 5: Run the command show running on DUT0 and check whether the output contains the following tokens:

Insufficient privileges

Show output

CLI Error: Insufficient privileges

Step 6: Login as admin user on DUT0:

admin@osdx

---

Customize Multi-option Command

Description

This example demonstrates how to prohibit the use of some options in a specific operational command.

Scenario

Step 1: Set the following configuration in DUT0 :

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system login user teldat authentication encrypted-password '$6$gtJ4D9VbQ5EcEoDm$yA/SCw50CNrXqleLrOdrt2mc2tpCj1jxzFVcWPxdbkeJlAAcG.Q2lJMmmZVpXokAs2XjXJm4C3aSvjECsbLT21'
set system login user teldat role monitor

Step 2: Run the command system conntrack show protocol tcp on DUT0 and expect the following output:

Show output

conntrack v1.4.7 (conntrack-tools): 0 flow entries have been shown.

Step 3: Login as admin user on DUT0:

admin@osdx

Step 4: Modify the following configuration lines in DUT0 :

set user-level 15 command 'system conntrack show protocol <txt>'

Step 5: Run the command system conntrack show protocol tcp on DUT0 and check whether the output contains the following tokens:

Insufficient privileges

Show output

CLI Error: Insufficient privileges

Step 6: Login as admin user on DUT0:

admin@osdx

---

Customize File Pipe Command

Description

This example demonstrates how to lower the permissions needed to execute both the file pipe and the operational command.

Scenario

Step 1: Set the following configuration in DUT0 :

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system login user teldat authentication encrypted-password '$6$vPWgDS3jMstHMzJi$le0fBeEqnXqeJyub0Tr6y.5/85yPTHw52o5B.NJ2rmhOHTFpaK.7WGoBdRa1QwQHmxwhL4N10kVWsRtLWcWAU.'
set system login user teldat role monitor

Step 2: Run the command system login show users | file on DUT0 and expect the following output:

Show output

Command's output saved under "support/system_login_show_users_2026-06-03-122356"
Filesize: 153.000 B

Step 3: Login as admin user on DUT0:

admin@osdx

Step 4: Modify the following configuration lines in DUT0 :

set user-level 10 command file

Step 5: Run the command system login show users | file on DUT0 and check whether the output contains the following tokens:

Insufficient privileges

Show output

CLI Error: Insufficient privileges to use 'file' pipe
CLI Error: Command error

Step 6: Login as admin user on DUT0:

admin@osdx

---