- play_arrow Overview
- play_arrow Introduction
-
- play_arrow Devices
- play_arrow Device Management
- play_arrow Systems of Record
- play_arrow Device Discovery Profiles
- play_arrow Modeling Devices
- Rapid Deployment Overview
- Zero Touch Deployment Using Autoinstallation and Junos Space Network Management Platform on ACX Series and SRX Series Devices
- Model Devices Overview
- Creating a Connection Profile
- Creating a Modeled Instance
- Activating a Modeled or Cloned Device in Junos Space Network Management Platform
- Downloading a Configlet
- Viewing and Copying Configlet Data
- Activating Devices by Using Configlets
- Viewing a Modeled Instance
- Adding More Devices to an Existing Modeled Instance
- Viewing the Status of Modeled Devices
- Deleting Modeled Instances
- Viewing a Connection Profile
- Cloning a Connection Profile
- Modifying a Connection Profile
- Deleting Connection Profiles
- play_arrow Device Authentication in Junos Space
- play_arrow Viewing Device Inventory
- play_arrow Exporting Device Inventory
- play_arrow Configuring Juniper Networks Devices
- Modifying the Configuration on the Device
- Reviewing and Deploying the Device Configuration
- Junos OS Releases Supported in Junos Space Network Management Platform
- Configuration Guides Overview
- Saving the Configuration Created using the Configuration Guides
- Previewing the Configuration Created using the Configuration Guides
- Deploying the Configuration Created using the Configuration Guides
- Viewing and Assigning Shared Objects
- Applying a CLI Configlet to Devices
- Applying a CLI Configlet to a Physical Inventory Element
- Applying a CLI Configlet to a Physical Interface
- Applying a CLI Configlet to a Logical Interface
- Executing a Script on the Devices
- Executing a Script on a Physical Inventory Component
- Executing a Script on a Logical Interface
- Executing a Script on the Physical Interfaces
- play_arrow Device Adapter
- play_arrow Device Configuration Management
- play_arrow Adding and Managing Non Juniper Networks Devices
- play_arrow Accessing Devices
- Launching a Device’s Web User Interface
- Looking Glass Overview
- Executing Commands by Using Looking Glass
- Exporting Looking Glass Results in Junos Space Network Management Platform
- Secure Console Overview
- Connecting to a Device by Using Secure Console
- Configuring SRX Series Firewall Clusters in Junos Space using Secure Console
- play_arrow Logical Systems (LSYS)
- play_arrow Tenant System (TSYS)
- play_arrow Device Partitions
- play_arrow Custom Labels
- play_arrow Verifying Template, Image Deployment, Script Execution, and Staged Images on Devices
- play_arrow Device Maintenance
- Viewing Device Statistics
- Viewing Devices and Logical Systems with QuickView
- Resynchronizing Managed Devices with the Network
- Putting a Device in RMA State and Reactivating Its Replacement
- Modifying the Target IP Address of a Device
- Modifying the Serial Number of a Device
- Rebooting Devices
- Deleting Staged Images on a Device
- Cloning a Device in Junos Space Network Management Platform
- Deleting Devices
-
- play_arrow Device Templates
- play_arrow Overview
- play_arrow Template Definitions
- Creating a Template Definition
- Finding Configuration Options in a Template Definition
- Working with Rules in a Template Definition
- Specifying Device-Specific Values in Template Definitions
- Managing CSV Files for a Template Definition
- Publishing a Template Definition
- Viewing a Template Definition
- Modifying a Template Definition
- Cloning a Template Definition
- Importing a Template Definition
- Exporting a Template Definition
- Unpublishing a Template Definition
- Deleting a Template Definition
- play_arrow Configuring Devices using Device Templates
- play_arrow Configuring Devices using Quick Templates
- play_arrow Device Template Administration
- Viewing Template Details
- Viewing the Device-Template Association (Device Templates)
- Viewing Template Definition Statistics
- Viewing Device Template Statistics
- Comparing Templates or Template Versions
- Comparing a Device Template Configuration with a Device Configuration
- Cloning a Template in Junos Space Network Management Platform
- Exporting and Importing a Quick Template in Junos Space Network Management Platform
- Deleting Device Templates from Junos Space Network Management Platform
-
- play_arrow CLI Configlets
- play_arrow Overview
- play_arrow CLI Configlets
- Creating a CLI Configlet
- Modifying a CLI Configlet
- Viewing CLI Configlet Statistics
- Viewing a CLI Configlet
- Exporting CLI Configlets
- CLI Configlet Examples
- Deleting CLI configlets
- Cloning a CLI Configlet
- Importing CLI Configlets
- Applying a CLI Configlet to Devices
- Comparing CLI Configet Versions
- Marking and Unmarking CLI Configlets as Favorite
- play_arrow Configuration Views
- Configuration Views Overview
- Configuration View Variables
- Configuration View Workflow
- XML Extensions
- Creating a Configuration View
- Viewing a Configuration View
- Modifying a Configuration View
- Deleting Configuration Views
- Exporting and Importing Configuration Views
- Viewing Configuration Views Statistics
- Default Configuration Views Examples
- play_arrow XPath and Regular Expressions
- play_arrow Configuration Filters
-
- play_arrow Images and Scripts
- play_arrow Overview
- play_arrow Managing Device Images
- Device Images Overview
- Importing Device Images to Junos Space
- Viewing Device Images
- Modifying Device Image Details
- Staging Device Images
- Staging Satellite Software Packages on Aggregation Devices
- Verifying the Checksum
- Viewing and Deleting MD5 Validation Results
- Deploying Device Images
- Deploying Satellite Software Packages on Aggregation and Satellite Devices
- Viewing Device Image Deployment Results
- Viewing Device Association of Images
- Undeploying JAM Packages from Devices
- Removing Device Images from Devices
- Deleting Device Images
- play_arrow Managing Scripts
- Scripts Overview
- Promoting Scripts Overview
- Importing Scripts to Junos Space
- Viewing Script Details
- Modifying Scripts
- Modifying Script Types
- Comparing Script Versions
- Staging Scripts on Devices
- Verifying the Checksum of Scripts on Devices
- Viewing Verification Results
- Enabling Scripts on Devices
- Executing Scripts on Devices
- Executing Scripts on Devices Locally with JUISE
- Viewing Execution Results
- Exporting Scripts in .tar Format
- Viewing Device Association of Scripts
- Marking and Unmarking Scripts as Favorite
- Disabling Scripts on Devices
- Removing Scripts from Devices
- Deleting Scripts
- Script Annotations
- Script Example
- play_arrow Managing Operations
- play_arrow Managing Script Bundles
- Script Bundles Overview
- Creating a Script Bundle
- Viewing Script Bundles
- Modifying a Script Bundle
- Staging Script Bundles on Devices
- Enabling Scripts in Script Bundles on Devices
- Executing Script Bundles on Devices
- Disabling Scripts in Script Bundles on Devices
- Viewing Device Associations of Scripts in Script Bundles
- Deleting Script Bundles
-
- play_arrow Reports
- play_arrow Reports Overview
- play_arrow Report Definitions
- play_arrow Reports
-
- play_arrow Network Monitoring
- play_arrow Overview
- play_arrow Integration of OpenNMS with Junos Space Network Management Platform
- play_arrow Managing Nodes
- play_arrow Network Monitoring Administration
-
- play_arrow Configuration Files
- play_arrow Overview
- play_arrow Managing Configuration Files
-
- play_arrow Jobs
- play_arrow Overview
- play_arrow Managing Jobs
- Viewing Statistics for Jobs
- Viewing Your Jobs
- Viewing Jobs
- Viewing Objects on Which a Job is Executed
- Viewing Job Recurrence
- Rescheduling and Modifying the Recurrence Settings of Jobs
- Retrying a Job on Failed Devices
- Reassigning Jobs
- Canceling Jobs
- Clearing Your Jobs
- Archiving and Purging Jobs
- Common Error Messages in Device-Related Operations
-
- play_arrow Audit Logs
- play_arrow Administration
- play_arrow Overview
- play_arrow Managing Nodes in the Junos Space Fabric
- Fabric Management Overview
- Overall System Condition and Fabric Load History Overview
- Junos Space Nodes in the Junos Space Fabric Overview
- Dedicated Database Nodes in the Junos Space Fabric Overview
- Adding a Node to an Existing Junos Space Fabric
- Viewing Nodes in the Fabric
- Monitoring Nodes in the Fabric
- Shutting Down or Rebooting Nodes in the Junos Space Fabric
- Deleting a Node from the Junos Space Fabric
- Resetting MySQL Replication
- Modifying the Network Settings of a Node in the Junos Space Fabric
- Load-Balancing Devices Across Junos Space Nodes
- Replacing a Failed Junos Space Node
- Generating and Uploading Authentication Keys to Devices
- Configuring the ESX or ESXi Server Parameters on a Node in the Junos Space Fabric
- Creating a System Snapshot
- Deleting a System Snapshot
- Restoring the System to a Snapshot
- NAT Configuration for Junos Space Network Management Platform Overview
- Configuring the NAT IP Addresses and Ports on Junos Space Platform
- Modifying the NAT IP Addresses and Ports on Junos Space Platform
- Disabling the NAT Configuration on Junos Space Platform
- play_arrow Backing up and Restoring the Junos Space Platform Database
- play_arrow Managing Licenses
- play_arrow Managing Junos Space Platform and Applications
- Managing Junos Space Applications Overview
- Upgrading Junos Space Network Management Platform Overview
- Junos Space Store Overview
- Configuring and Managing Junos Space Store
- Running Applications in Separate Server Instances
- Managing Junos Space Applications
- Modifying Settings of Junos Space Applications
- Modifying Junos Space Network Management Platform Settings
- Managing File Integrity Check
- Adding a Junos Space Application
- Upgrading a Junos Space Application
- Upgrading Junos Space Network Management Platform
- Synchronizing Time Across Junos Space Nodes
- Upgrading to Junos Space Network Management Platform Release 21.1R1
- Upgrade to Junos Space Network Management Platform Release 24.1R1
- Uninstalling a Junos Space Application
- play_arrow Managing Troubleshooting Log Files
- System Status Log File Overview
- Customizing Node System Status Log Checking
- Customizing Node Log Files to Download
- Configuring JBoss Logs in Junos Space
- Generating JBoss Thread Dump for Junos Space Nodes
- Downloading the Troubleshooting Log File in Server Mode
- Downloading the Troubleshooting Log File in Maintenance Mode
- Downloading Troubleshooting System Log Files Through the Junos Space CLI
- play_arrow Managing Certificates
- Certificate Management Overview
- Changing User Authentication Modes
- Installing a Custom SSL Certificate on the Junos Space Server
- Uploading a User Certificate
- Uploading a CA Certificate and Certificate Revocation List
- Deleting a CA Certificate or Certificate Revocation List
- Adding and Activating X.509 Certificate Parameters for X.509 Certificate Parameter Authentication
- Modifying an X.509 Certificate Parameter
- Deleting X.509 Certificate Parameters
- play_arrow Configuring Authentication Servers
- Remote Authentication Overview
- Junos Space Authentication Modes Overview
- Junos Space Login Behavior with Remote Authentication Enabled
- Managing Remote Authentication Servers
- Creating a Remote Authentication Server
- Modifying Authentication Settings
- Configuring a RADIUS Server for Authentication and Authorization
- Configuring a TACACS+ Server for Authentication and Authorization
- play_arrow Managing SMTP Servers
- play_arrow Email Listeners
- play_arrow Managing Git Repositories
- play_arrow Audit Log Forwarding
- Audit Log Forwarding in Junos Space Overview
- Viewing Audit Log Forwarding Criterion
- Adding Audit Log Forwarding Criterion
- Modifying Audit Log Forwarding Criterion
- Deleting Audit Log Forwarding Criterion
- Enabling Audit Log Forwarding Criterion
- Testing the System Log Server Connection for Audit Log Forwarding
- play_arrow Configuring a Proxy Server
- play_arrow Managing Tags
- Tags Overview
- Creating a Tag
- Managing Tags
- Managing Hierarchical Tags
- Sharing a Tag
- Renaming Tags
- Deleting Tags
- Tagging an Object
- Untagging Objects
- Filtering the Inventory by Using Tags
- Viewing Tagged Objects
- Viewing Tags for a Managed Object
- Exporting Tags from Junos Space Network Management Platform
- play_arrow Managing DMI Schemas
- DMI Schema Management Overview
- Viewing and Managing DMI Schemas
- Viewing Missing DMI Schemas
- Setting a Default DMI Schema
- Configuring Access to Juniper Networks DMI Schema Repository by Using the Configure Juniper Repository Action
- Adding Missing DMI Schemas or Updating Outdated DMI Schemas in Junos Space Network Management Platform
- Creating a Compressed TAR File for Updating DMI Schema
- Viewing and Deleting Unused DMI Schemas
- play_arrow Managing Hardware Catalog
- play_arrow Managing the Purging Policy
- play_arrow Disaster Recovery
-
- play_arrow Troubleshooting
- play_arrow Knowledge Base
-
ON THIS PAGE
Role-Based Access Control Overview
Junos Space Network Management Platform grants access and management privileges only to those users validated by its authentication process and given permissions by its authorization process.
A Junos Space Super Administrator or User Administrator creates users and then assigns them one or more roles so that they are able to access and manage tasks and objects within workspaces in Junos Space Platform. The roles determine which workspace or workspaces a user can access and which tasks the user can perform within the workspace or workspaces.
As a Junos Space Super Administrator or User Administrator, you can also create and assign API Access Profiles to restrict users from executing remote procedure call (RPC) commands that are potentially unsafe for or harmful to your network. Rules are added to an API Access Profile as XPath expressions that determine whether or not an RPC command is safe to be executed.
User Authentication
Through authentication, Junos Space Network Management Platform validates users on the basis of passwords or certificates. Junos Space Network Management Platform supports both local and remote user authentication. When a user tries to access Junos Space Network Management Platform, the user can be authenticated locally by confirming that the password entered by the user at login matches the password stored in the Junos Space Platform database or remotely through a RADIUS or TACACS+ server. For information about configuring RADIUS and TACACS+ servers for remote authentication and authorization, see Configuring a RADIUS Server for Authentication and Authorization and Configuring a TACACS+ Server for Authentication and Authorization.
Junos Space Network Management Platform also supports certificate-based user authentication and X.509 certificate parameter–based user authentication. Instead of authenticating a user on the basis of the user’s credentials, you can authenticate a user on the basis of the user’s certificate, which is considered more secure. For more information about certificate-based authentication or certificate parameter–based authentication, see Certificate Management Overview.
RBAC Enforcement
With role-based access control (RBAC) enforcement, a Junos Space Super Administrator or User Administrator defines the workspaces that users can access, the system resources that users can view and manage, and the tasks available to users within a workspace. RBAC is enforced in the Junos Space user interface navigation hierarchy by workspace, task group, and task. A user can access only those portions of the navigation hierarchy that are explicitly granted through access privileges. The following sections describe RBAC enforcement behavior at each level of the user interface navigation hierarchy.
RBAC Enforcement by Workspace
The Junos Space user interface provides a task-oriented environment in which a collection of related tasks is organized by workspace. For example, the Users workspace defines the group of tasks related to managing users and roles. These tasks include creating, modifying, and deleting users, and assigning roles. Enforcement by workspace ensures that a user can view only those workspaces that contain the tasks that the user has permissions to execute. For example, a user who is assigned the device manager role, which grants access privileges to all tasks in the Devices workspace, can access only the Devices workspace. No other workspaces are visible to this user unless other roles are assigned to this user. If a user is assigned a role that grants access privileges to some tasks in a workspace, the user can view all the tasks in the workspace, but execute only the tasks for which permissions have been granted.
RBAC Enforcement Not Supported on the Getting Started Page
RBAC enforcement is not enabled for the contents of the Getting Started page. Consequently, a user who does not have certain access privileges can still view the steps displayed on the Getting Started page. For example, a user without privileges to manage devices still sees the Discover Devices step. However, when the user clicks the step, Junos Space Network Management Platform displays an error message to indicate that the user does not have the permission to access the workspace or tasks to which the step is linked.
