[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]


Login Classes for User Accounts with the C-Web Interface

The SRC software provides four predefined login classes to use for configuring user accounts. You can also configure login classes to precisely define access privileges for the user accounts in your SRC environment.

Access Privilege Level

In the SRC CLI, each top-level command-line interface (CLI) command and each configuration statement have an access privilege level associated with them. Similarly, each task and subtask in the C-Web interface have an access privilege level associated with them. Users can configure and view only those tasks for which they have access privileges. The access privileges for each login class are defined by one or more permission options.

Permission options specify which actions are allowed for users assigned to use a login class. More than one permission option can be configured for a login class. Table 2 lists the permission options available when you configure permissions with the SRC CLI and the C-Web interface.

You can use the SRC CLI or the C-Web interface to configure permission options for all commands, statements, tasks, and subtasks. For example, if you configure a user to have the system permission class using the C-Web interface, that user will have the same permission when accessing the SRC CLI.

The SRC software also provides a default set of system login classes that have permissions preset. Table 3 lists the default system login classes.




Table 2: Login Class Permission Options  
Permission
Description

admin

SRC CLI—Can view user account information in configuration mode and with the show configuration command.

C-Web interface—Can view user account information by accessing Monitor>CLI>Authorization.

admin-control

SRC CLI—Can view user accounts and configure them at the [edit system login] hierarchy level.

C-Web interface—Can view user accounts and configure them by accessing Configure>System>Login.

all

SRC CLI and C-Web interface—Has all permissions.

clear

SRC CLI—Can clear (delete) information learned from the network that is stored in various network databases using the clear commands.

C-Web interface—Can clear (delete) information learned from the network that is stored in various network databases by accessing Manage>Clear.

configure

SRC CLI—Can enter configuration mode using the configure command.

C-Web interface—Can access the Configure task and subtasks.

control

SRC CLI and C-Web interface—Can perform all control-level operations (all operations configured with the -control permission).

field

SRC CLI and C-Web interface—Reserved for field (debugging) support.

firewall

SRC CLI—Can view the firewall filter configuration in configuration mode.

C-Web interface—Can view the firewall filter configuration by accessing Monitor>SAE>Services.

firewall-control

SRC CLI—Can view and configure firewall filter information at the [edit firewall] hierarchy level.

C-Web interface—Can view and configure firewall filter information by accessing Configure>Services.

interface

SRC CLI—Can view the interface configuration in configuration mode and with the show configuration operational mode command.

C-Web interface—Can view the interface configuration by accessing Monitor>Interfaces.

interface-control

SRC CLI—Can view chassis, class of service, groups, forwarding options, and interfaces configuration information. Can configure chassis, class of service, groups, forwarding options, and interfaces at the [edit] hierarchy level.

C-Web interface—Can view chassis, class of service, groups, forwarding options, and interfaces configuration information. Can configure chassis, class of service, groups, forwarding options, and interfaces by accessing the Configure task and subtasks.

maintenance

SRC CLI—Can perform system maintenance, including starting a local shell on the system and becoming the superuser in the shell (by issuing the su root command), and can halt and reboot the system (using the request system commands).

C-Web interface—Can perform system maintenance, including halting and reboot the system, by accessing Manage>Request>System.

network

SRC CLI and C-Web interface—Can access the network by entering the SSH and telnet commands.

reset

SRC CLI—Can restart software processes using the restart command, enable components using the enable command, and disable components using the disable command.

C-Web interface—Can restart software processes by accessing Manage>Restart, enable components by accessing Manage>Enable, and disable components by accessing Manage>Disable.

routing

SRC CLI—Can view general routing information in configuration and operational modes.

C-Web interface—Can view general routing information by accessing Monitor>SAE>Route.

routing-control

SRC CLI—Can view and configure general routing at the [edit routing-options] hierarchy level.

C-Web interface—Can view general routing and configure general routing by accessing Configure>Routing Options.

secret

SRC CLI and C-Web interface—Can view passwords and other authentication keys in the configuration.

secret-control

SRC CLI—Can view passwords and other authentication keys in the configuration and can modify them in configuration mode.

C-Web interface—Can view passwords and other authentication keys in the configuration and can modify them by accessing Configure>System>Login.

security

SRC CLI—Can view security configuration in configuration mode and with the show configuration operational mode command.

C-Web interface—Can view security configuration by accessing Monitor>Security>Certificate.

security-control

SRC CLI—Can view and configure security information at the [edit security] hierarchy level.

C-Web interface—Can view security information and configure security information by accessing Manage>Request>Security.

service

SRC CLI and C-Web interface—Can view service and policy definitions.

C-Web interface—Can view service definitions by accessing Monitor>SAE>Services and policy definitions by accessing Monitor>SAE>Policies.

service-control

SRC CLI—Can view and modify service and policy definitions.

C-Web interface—Can view and modify service and policy definitions by accessing Configure>Services and Configure>Policies.

shell

SRC CLI and C-Web interface—Can start a local shell by entering the start shell command.

snmp

SRC CLI—Can view Simple Network Management Protocol (SNMP) configuration information in configuration and operational modes.

C-Web interface—Can view Simple Network Management Protocol (SNMP) configuration information by accessing Monitor>SAE>Statistics.

snmp-control

SRC CLI—Can view SNMP configuration information and configure SNMP (at the [edit snmp] hierarchy level).

C-Web interface—Can view SNMP configuration information and configure SNMP by accessing Configure>SNMP.

subscriber

SRC CLI—Can view information about subscriber definitions.

C-Web interface—Can view information about subscriber definitions by accessing Monitor>SAE>Subscribers.

subscriber-control

SRC CLI —Can view and control information about subscriber definitions.

C-Web interface—Can view information about subscriber definitions and control information about subscriber definitions by accessing Configure>Subscribers.

system

SRC CLI—Can view system-level information in configuration and operational modes.

C-Web interface—Can view system-level configuration information by accessing Monitor>System.

system-control

SRC CLI—Can view system-level configuration information and configure it at the [edit system] hierarchy level.

C-Web interface—Can view system-level configuration and configure it by accessing Configure>System.

view

SRC CLI—Can use various commands to display current systemwide, routing table, and protocol-specific values and statistics.

C-Web interface—Can access various Monitor subtasks to display current systemwide, routing table, and protocol-specific values and statistics.

view-configuration

SRC CLI and C-Web interface—Can view all system configurations, excluding any secret configuration.

When you configure more than one permission with the SRC CLI or the C-Web interface, the resulting set of permissions is a combination of all of the permissions set. This does not apply when you include all and control with the SRC CLI.

When you configure permissions with the SRC CLI, include view to display information and configure to enter configuration mode. Two forms for the permissions control the individual parts of the configuration:

When you configure permissions with the C-Web interface, click Monitor to display information and Configure to configure.

Predefined Login Classes

Table 3 lists the system login classes predefined in the SRC software.

Table 3: Default System Login Classes 
Login Class
Permission Options Set

operator

clear, network, reset, view

read-only

view

super-user

all

unauthorized

None



NOTE: You cannot modify a predefined login class name. If you issue the set command on a predefined class name with the SRC CLI, the software will append -local to the login class name. The following message also appears:

warning: '<class-name>' is a predefined class name; changing to '<class-name>-local'

NOTE: You cannot issue the rename or copy command on a predefined login class with the SRC CLI. Doing so results in the following error message:

error: target '<classname>' is a predefined class


[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]