Hi junosuser33,
Greetings,
I would recommend you to configure something like below:
1. Create a custom class (read-only-show) would allows only specific commands like below:
# set system login class read-only-show allow-commands "(show version)|(show configuration)|(show configuration | display set)|(show system information)"
2. Further map the user to this class with the below command:
# set system login user test class read-only-show
> Output from lab device:
# show | compare
[edit system login]
+ class read-only-show {
+ allow-commands "(show version)|(show configuration)|(show configuration | display set)|(show system information)";
+ }
[edit system login]
+ user test {
+ class read-only-show;
+ }
After adding and logging with the user (say test) this will only list the allowed commands like :
test@lab> show ?
Possible completions:
configuration Show current configuration
system Show system information
version Show software process revision levels
I hope this helps. Please mark "Accept as solution" if this answers your query.
Kudos are appreciated too!
Regards,
Sharat Ainapur