Check Levels

This scenario shows how to configure different user-levels for operational commands.

Lower Command User Level

Description

This example demonstrates how to lower the permissions needed to execute a specific operational command.

Scenario

Step 1: Set the following configuration in DUT0 :

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system login user teldat authentication encrypted-password '$6$B9eW3rAR3saSEoty$8O56PzK1f.ZS8qpfWWVzGsUFKowz.Qj34WHNrSiq0GPIIpCsOS501ALlRrOu3Mk1PaMn4XkKUdfVANPRl/w4v1'
set system login user teldat role monitor

Step 2: Run command show running at DUT0 and check if output contains the following tokens:

Insufficient privileges

Step 3: Login as admin user on DUT0.

Step 4: Modify the following configuration lines in DUT0 :

set user-level 0 command 'show running'

Step 5: Run command show running at DUT0 and expect this output:

Step 6: Login as admin user on DUT0.

Raise Command User Level

Description

This example demonstrates how to raise the permissions needed to execute a specific operational command.

Scenario

Step 1: Set the following configuration in DUT0 :

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system login user teldat authentication encrypted-password '$6$41sN.nTz1vdnSFp/$/EBUX5RdON/L9I81gUXXKBcJTbfEExo5EWNcqjSfhsm95FSY1VOYun5ZfQ/9igOn6Rwv/hgmNht5WF.eFyj/Y0'
set system login user teldat role monitor

Step 2: Run command system login show users at DUT0 and expect this output:

Step 3: Login as admin user on DUT0.

Step 4: Modify the following configuration lines in DUT0 :

set user-level 15 command 'system login show users'

Step 5: Run command show running at DUT0 and check if output contains the following tokens:

Insufficient privileges

Step 6: Login as admin user on DUT0.

Customize Multi-option Command

Description

This example demonstrates how to prohibit the use of some options in a specific operational command.

Scenario

Step 1: Set the following configuration in DUT0 :

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system login user teldat authentication encrypted-password '$6$b.EePnX5syjYSoh/$bn8cU6TRpOPg12dSazp2pW1TDT0bzVLChep/DwPe1DiFeF2I2w0Y4OBAvYWBrZV0/tN8m1fnvCHFF.aeqgBDA/'
set system login user teldat role monitor

Step 2: Run command system conntrack show protocol tcp at DUT0 and expect this output:

Step 3: Login as admin user on DUT0.

Step 4: Modify the following configuration lines in DUT0 :

set user-level 15 command 'system conntrack show protocol <txt>'

Step 5: Run command system conntrack show protocol tcp at DUT0 and check if output contains the following tokens:

Insufficient privileges

Step 6: Login as admin user on DUT0.

Customize File Pipe Command

Description

This example demonstrates how to lower the permissions needed to execute both the file pipe and the operational command.

Scenario

Step 1: Set the following configuration in DUT0 :

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system login user teldat authentication encrypted-password '$6$dQSj4zUzXMDZSa4Z$o283igse6FAdgF0MM.SUoCP4/XViiityEhnZg85dIRioi54sYqPI7jHeBPd3FIn7Mt2EW91KfNQYL9otXBjsn.'
set system login user teldat role monitor

Step 2: Run command system login show users | file at DUT0 and expect this output:

Step 3: Login as admin user on DUT0.

Step 4: Modify the following configuration lines in DUT0 :

set user-level 10 command file

Step 5: Run command system login show users | file at DUT0 and check if output contains the following tokens:

Insufficient privileges

Step 6: Login as admin user on DUT0.