Check Levels

This scenario shows how to configure different user-levels for operational commands.

Lower Command User Level

Description

This example demonstrates how to lower the permissions needed to execute a specific operational command.

Scenario

Step 1: Set the following configuration in DUT0 :

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system login user teldat authentication encrypted-password '$6$Xpi4HvicfFK3tYfm$JXga2udT9R615iKAwTibQUPfSsyqou5LEKgKe8CUm668rVVU6pxi99ktfLpb5O8om7B5E6sfXAMUsfGPlLdAb1'
set system login user teldat role monitor

Step 2: Run command show running at DUT0 and check if output contains the following tokens:

Insufficient privileges

Step 3: Login as admin user on DUT0.

Step 4: Modify the following configuration lines in DUT0 :

set user-level 0 command 'show running'

Step 5: Run command show running at DUT0 and expect this output:

Step 6: Login as admin user on DUT0.

Raise Command User Level

Description

This example demonstrates how to raise the permissions needed to execute a specific operational command.

Scenario

Step 1: Set the following configuration in DUT0 :

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system login user teldat authentication encrypted-password '$6$tEaXMvNYjj5Mav4P$Qo3ZiiNuL1bu1n7sGdSL5eaVbZ2JM8g6sMixmFYsqM0/PIG0HL5efp6GsSY2avOOYltFu3CX5LVNfp1iiZsBa/'
set system login user teldat role monitor

Step 2: Run command system login show users at DUT0 and expect this output:

Step 3: Login as admin user on DUT0.

Step 4: Modify the following configuration lines in DUT0 :

set user-level 15 command 'system login show users'

Step 5: Run command show running at DUT0 and check if output contains the following tokens:

Insufficient privileges

Step 6: Login as admin user on DUT0.

Customize Multi-option Command

Description

This example demonstrates how to prohibit the use of some options in a specific operational command.

Scenario

Step 1: Set the following configuration in DUT0 :

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system login user teldat authentication encrypted-password '$6$/G5KOG39hNntPglj$kmDTzESBR1CYomKBcZrA.DAT8H/8SC..emi5UonZmTPCFl39EjnE.y9pAzICJyz/7e1hjFW.PcG2AeOSMVf081'
set system login user teldat role monitor

Step 2: Run command system conntrack show protocol tcp at DUT0 and expect this output:

Step 3: Login as admin user on DUT0.

Step 4: Modify the following configuration lines in DUT0 :

set user-level 15 command 'system conntrack show protocol <txt>'

Step 5: Run command system conntrack show protocol tcp at DUT0 and check if output contains the following tokens:

Insufficient privileges

Step 6: Login as admin user on DUT0.

Customize File Pipe Command

Description

This example demonstrates how to lower the permissions needed to execute both the file pipe and the operational command.

Scenario

Step 1: Set the following configuration in DUT0 :

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system login user teldat authentication encrypted-password '$6$iNAKR5VHljIxcW.a$TR7J7K0Cq6fNxmOO6/I6I4QzAq0NfGoljgADKplSlu0/HHqFEcMZk.O7CSXuIx7GTpSojAAkKysDmbXos4kP1.'
set system login user teldat role monitor

Step 2: Run command system login show users | file at DUT0 and expect this output:

Step 3: Login as admin user on DUT0.

Step 4: Modify the following configuration lines in DUT0 :

set user-level 10 command file

Step 5: Run command system login show users | file at DUT0 and check if output contains the following tokens:

Insufficient privileges

Step 6: Login as admin user on DUT0.