

Login Classes for User Accounts

The SRC software provides four predefined login classes to use for configuring user accounts. You can also configure login classes to precisely define access privileges for the user accounts in your SRC environment.

Access Privilege Level

Each top-level command-line interface (CLI) command and each configuration statement has an access privilege level associated with it. Users can execute only those commands and configure and view only those statements for which they have access privileges. The access privileges for each login class are defined by one or more permission options.

Permission options specify which actions users assigned to a login class are allowed to perform. A login class can be configured with more than one permission option. Table 12 lists the permission options available.

The privilege level for each command and statement is listed in SRC-PE CLI Command Reference.

The SRC software also provides a default set of system login classes that have permissions preset. Table 13 lists the default system login classes.




Table 12: Login Class Permission Options

| Permission | Description |
|---|---|
| admin | Can view user account information in configuration mode and with the show configuration command. |
| admin-control | Can view user accounts and configure them (at the [edit system login] hierarchy level). |
| all | Has all permissions. |
| clear | Can clear (delete) information learned from the network that is stored in various network databases (using the clear commands). |
| configure | Can enter configuration mode (using the configure command). |
| control | Can perform all control-level operations (all operations configured with the -control permission). |
| field | Reserved for field (debugging) support. |
| firewall | Can view the firewall filter configuration in configuration mode. |
| firewall-control | Can view and configure firewall filter information (at the [edit firewall] hierarchy level). |
| interface | Can view the interface configuration in configuration mode and with the show configuration operational mode command. |
| interface-control | Can view chassis, class of service, groups, forwarding options, and interfaces configuration information. Can configure chassis, class of service, groups, forwarding options, and interfaces (at the [edit] hierarchy level). |
| maintenance | Can perform system maintenance, including starting a local shell on the system and becoming the superuser in the shell (by issuing the su root command), and can halt and reboot the system (using the request system commands). |
| network | Can access the network by entering the SSH and telnet commands. |
| reset | Can restart software processes using the restart command, enable components using the enable command, and disable components using the disable command. |
| routing | Can view general routing, routing protocol, and routing policy configuration information in configuration and operational modes. |
| routing-control | Can view general routing, routing protocol, and routing policy configuration information and configure general routing (at the [edit routing-options] hierarchy level), routing protocols (at the [edit protocols] hierarchy level), and routing policy (at the [edit policy-options] hierarchy level). |
| secret | Can view passwords and other authentication keys in the configuration. |
| secret-control | Can view passwords and other authentication keys in the configuration and can modify them in configuration mode. |
| security | Can view security configuration in configuration mode and with the show configuration operational mode command. |
| security-control | Can view and configure security information (at the [edit security] hierarchy level). |
| service | Can view service and policy definitions. |
| service-control | Can view and modify service and policy definitions. |
| shell | Can start a local shell by entering the start shell command. |
| snmp | Can view Simple Network Management Protocol (SNMP) configuration information in configuration and operational modes. |
| snmp-control | Can view SNMP configuration information and configure SNMP (at the [edit snmp] hierarchy level). |
| subscriber | Can view information about subscriber definitions. |
| subscriber-control | Can view and control information about subscriber definitions. |
| system | Can view system-level information in configuration and operational modes. |
| system-control | Can view system-level configuration information and configure it (at the [edit system] hierarchy level). |
| view | Can use various commands to display current systemwide, routing table, and protocol-specific values and statistics. |
| view-configuration | Can view all system configuration, excluding any secret configuration. |

When you configure more than one permission, the resulting set of permissions is a combination of all of the permissions set, except for all and control.

When you configure permissions, include view to display information and configure to enter configuration mode. Two forms for the permissions control the individual parts of the configuration:

Predefined Login Classes

Table 13 lists the system login classes predefined in the SRC software.

Table 13: Default System Login Classes

| Login Class | Permission Options Set |
|---|---|
| operator | clear, network, reset, view |
| read-only | view |
| super-user | all |
| unauthorized | None |



NOTE: You cannot modify a predefined login class name. If you issue the set command on a predefined class name, the software will append -local to the login class name. The following message also appears:

warning: '<class-name>' is a predefined class name; changing to '<class-name>-local'

NOTE: You cannot issue the rename or copy command on a predefined login class. Doing so results in the following error message:

error: target '<classname>' is a predefined class
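
The following Python sketch is an added example, not code from the SRC software or its documentation. It expands each login class's permission options as described in Table 12 and Table 13 and reports the classes that end up with shell, secret, or account-management rights. The noc and backup classes are hypothetical, and treating control as every -control option is an assumption drawn from the table's wording.

```python
# Added example (not SRC code): audit login classes using Table 12 and Table 13.
PERMISSIONS = set("""admin admin-control all clear configure control field firewall
firewall-control interface interface-control maintenance network reset routing
routing-control secret secret-control security security-control service
service-control shell snmp snmp-control subscriber subscriber-control system
system-control view view-configuration""".split())
CONCRETE = PERMISSIONS - {"all", "control"}

# Options whose Table 12 description grants a shell, secrets or account control.
SENSITIVE = {
    "maintenance": "local shell, su root, halt and reboot",
    "shell": "local shell (start shell)",
    "secret": "view passwords and authentication keys",
    "secret-control": "view and modify passwords and authentication keys",
    "admin-control": "configure user accounts",
}
PREDEFINED = {"operator": {"clear", "network", "reset", "view"},
              "read-only": {"view"}, "super-user": {"all"}, "unauthorized": set()}

def effective(perms):
    """Expand configured options into the concrete set they grant."""
    unknown = set(perms) - PERMISSIONS
    if unknown:
        raise ValueError(f"unknown permission options: {sorted(unknown)}")
    if "all" in perms:
        return set(CONCRETE)
    granted = set(perms)
    if "control" in granted:  # assumption: 'control' covers every *-control option
        granted |= {p for p in CONCRETE if p.endswith("-control")}
    # Table 12: each x-control option can also view what plain x can view.
    granted |= {p[:-len("-control")] for p in granted if p.endswith("-control")}
    return granted & CONCRETE

def audit(classes):
    """Return {class: [(option, reason), ...]} for classes granting sensitive options."""
    findings = {}
    for name, perms in classes.items():
        hits = sorted((p, SENSITIVE[p]) for p in effective(perms) if p in SENSITIVE)
        if hits:
            findings[name] = hits
    return findings

# Constructed input: predefined classes plus two hypothetical site classes.
CLASSES = dict(PREDEFINED, noc={"view", "configure", "interface-control"},
               backup={"view-configuration", "control"})

if __name__ == "__main__":
    for name, hits in audit(CLASSES).items():
        print(name, [option for option, _ in hits])
```

In this constructed input the backup class is flagged even though it names no sensitive option directly, because control pulls in secret-control and admin-control.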
