Check Levels

This scenario shows how to configure different user-levels for operational commands.

Lower Command User Level

Description

This example demonstrates how to lower the permissions needed to execute a specific operational command.

Scenario

Step 1: Set the following configuration in DUT0 :

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system login user teldat authentication encrypted-password '$6$xL2ILCdm4KsZ28vD$S7hC8exQzDg7IrW4cxyK8LE.cPia4S1c35eOwgniqAOQh60aZViSivtElWQoOGTxnFTWlfUGiZ5FkG5BAmIOs0'
set system login user teldat role monitor

Step 2: Run command show running at DUT0 and check if output contains the following tokens:

Insufficient privileges

Step 3: Login as admin user on DUT0.

Step 4: Modify the following configuration lines in DUT0 :

set user-level 0 command 'show running'

Step 5: Run command show running at DUT0 and expect this output:

Step 6: Login as admin user on DUT0.

Raise Command User Level

Description

This example demonstrates how to raise the permissions needed to execute a specific operational command.

Scenario

Step 1: Set the following configuration in DUT0 :

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system login user teldat authentication encrypted-password '$6$.gSNak.3w0SEH9/1$s31zOrdvkSDzebjtNBOrwnZRFFka1/dAqyE8C1ZLorL9LtVmipWMO3r9kCK3njaPD/Qm3I4cGICgQPN16M1MO.'
set system login user teldat role monitor

Step 2: Run command system login show users at DUT0 and expect this output:

Step 3: Login as admin user on DUT0.

Step 4: Modify the following configuration lines in DUT0 :

set user-level 15 command 'system login show users'

Step 5: Run command show running at DUT0 and check if output contains the following tokens:

Insufficient privileges

Step 6: Login as admin user on DUT0.

Customize Multi-option Command

Description

This example demonstrates how to prohibit the use of some options in a specific operational command.

Scenario

Step 1: Set the following configuration in DUT0 :

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system login user teldat authentication encrypted-password '$6$mg6yonkkQ3bPKCAU$MVyzUFFSOZmMl7MsXidj3D1o5I0ZgsqKMjeV3oxQd6K5CLAz14lWmNWVf8eh5ASM8wEMmxp/74zzgmb0bWFJP0'
set system login user teldat role monitor

Step 2: Run command system conntrack show protocol tcp at DUT0 and expect this output:

Step 3: Login as admin user on DUT0.

Step 4: Modify the following configuration lines in DUT0 :

set user-level 15 command 'system conntrack show protocol <txt>'

Step 5: Run command system conntrack show protocol tcp at DUT0 and check if output contains the following tokens:

Insufficient privileges

Step 6: Login as admin user on DUT0.

Customize File Pipe Command

Description

This example demonstrates how to lower the permissions needed to execute both the file pipe and the operational command.

Scenario

Step 1: Set the following configuration in DUT0 :

set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system login user teldat authentication encrypted-password '$6$LochAR7wH/3KPNhT$qI8AYbfotT3o/wLYfVMI9RQtTwQb/nSu9OVUm/NSFk8cf7WGsptV/VuVMv7V1Au//8T4giMS7GTraEUhQRInA0'
set system login user teldat role monitor

Step 2: Run command system login show users | file at DUT0 and expect this output:

Step 3: Login as admin user on DUT0.

Step 4: Modify the following configuration lines in DUT0 :

set user-level 10 command file

Step 5: Run command system login show users | file at DUT0 and check if output contains the following tokens:

Insufficient privileges

Step 6: Login as admin user on DUT0.