The following link should explain the options available for user access privileges etc.
Original Message:
Sent: 07-31-2024 17:56
From: JOHN WILLIAMSON
Subject: Which Junos commands fall into which user category?
The command I checked needs "maintenance" level access. That gives a lot more than it needs. Is there a way to remove access or only give commands I need it to have? Trying to make this new user account as secure as possible.
------------------------------
JOHN WILLIAMSON
Original Message:
Sent: 07-31-2024 17:05
From: JOHN WILLIAMSON
Subject: Which Junos commands fall into which user category?
That CLI Reference does the job. Thanks.
------------------------------
JOHN WILLIAMSON
Original Message:
Sent: 07-31-2024 16:39
From: asharp
Subject: Which Junos commands fall into which user category?
Not really. Only options that come to mind are:
show cli authorizations
The above command will provide a list of the permissions available, e.g. admin, admin-control etc., with a brief explanation of the permissions.
To identify what permissions a particular command requires, then perhaps the CLI Reference will assist in that, each command will show the required permissions.
Regards,
------------------------------
Andy Sharp
Original Message:
Sent: 07-31-2024 15:11
From: JOHN WILLIAMSON
Subject: Which Junos commands fall into which user category?
Is there a way to determine which commands are available to user categories? I know I can add a command to a user I create and give them a user category, but if they can already run the commands I'm hoping to give them, that would be redundant.
For instance, I am creating a login user that I only want to do certain things, based on a trigger being sent to the switch from an outside program, like Postman or cURL or our Network monitoring platform. The first one will be to shut down the switch when the attached UPS is almost out of battery. I don't want this user account to be able to do anything besides the commands I might send.
------------------------------
JOHN WILLIAMSON
------------------------------