Switching

 View Only
last person joined: yesterday 

Ask questions and share experiences about EX and QFX portfolios and all switching solutions across your data center, campus, and branch locations.
  • 1.  Which Junos commands fall into which user category?

    Posted 07-31-2024 15:11

    Is there a way to determine which commands are available to user categories?  I know I can add a command to a user I create and give them a user category, but if they can already run the commands I'm hoping to give them, that would be redundant. 

    For instance, I am creating a login user that I only want to do certain things, based on a trigger being sent to the switch  from an outside program, like Postman or cURL or our Network monitoring platform.  The first one will be to shut down the switch when the attached UPS is almost out of battery.   I don't want this user account to be able to do anything besides the commands I might send. 



    ------------------------------
    JOHN WILLIAMSON
    ------------------------------


  • 2.  RE: Which Junos commands fall into which user category?

     
    Posted 07-31-2024 16:39
    Edited by asharp 07-31-2024 16:40

    Not really.  Only options that come to mind are:

    show cli authorizations

    The above command will provide a list of the permissions available, e.g. admin, admin-control etc., with a brief explanation of the permissions.

    To identify what permissions a particular command requires, then perhaps the CLI Reference will assist in that, each command will show the required permissions.

    Regards,



    ------------------------------
    Andy Sharp
    ------------------------------



  • 3.  RE: Which Junos commands fall into which user category?

    Posted 07-31-2024 17:05

    That CLI Reference does the job. Thanks. 



    ------------------------------
    JOHN WILLIAMSON
    ------------------------------



  • 4.  RE: Which Junos commands fall into which user category?

    Posted 07-31-2024 17:56

    The command I checked needs "maintenance" level access. That gives a lot more than it needs. Is there a way to remove access or only give commands I need it to have?   Trying to make this new user account as secure as possible. 



    ------------------------------
    JOHN WILLIAMSON
    ------------------------------



  • 5.  RE: Which Junos commands fall into which user category?

     
    Posted 08-01-2024 03:50

    The following link should explain the options available for user access privileges etc.

    https://www.juniper.net/documentation/us/en/software/junos/user-access/topics/topic-map/junos-os-access-privileges.html



    ------------------------------
    Andy Sharp
    ------------------------------