On Mon, 17 Sep 2001, David A. Lauer wrote:
>> Administrative access provides full access including modification of
>> configuration. The read-only access can perform 'show interfaces', 'show
>> bgp', etc... The problem I have is I'd like the read-only account to also
>> be able to issue the 'show configuration' command but I have been unable
>> to get this to work.
Well, try with the following, which works perfectly for me:
[edit system login]
class read-only {
    permissions [ interface network routing view ];
    deny-commands "(file*|test*)";
}
class read-only-plus {
    permissions [ admin interface network routing snmp system view firewall ];
    deny-commands "(file*|test*)";
}
Explanation: "show config" is allowed by default. However, every user is
permitted to have a view of only the part of the router config defined by
the "permissions" statement. Everything else is invisible to that user.
Regards,
Beri
--------- Berislav Todorovic, Senior NOC Specialist --------
------- KPNQwest N.V. - IP NOC (formerly EUnet NOC) ------
---- Wilhelmina van Pruisenweg 78, 2595 AN Den Haag, NL ----
--- Phone: +31-70-379-3990; Mobile: +31-651-333-641 ---
-- Email: beri@kpnqwest.net <=> beri@EU.net --
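Added example (not part of the original message, and not Juniper code): a small Python audit that parses login-class stanzas like the ones above, lists the permission flags one class has over another, and reports any flag that grants more than viewing. The noc-edit class, the WRITE_FLAGS set and the function names are assumptions made for this example.

```python
import re

# Constructed input: the two classes from the message, plus a hypothetical
# "noc-edit" class added here to show a finding.
SAMPLE = """
class read-only {
    permissions [ interface network routing view ];
    deny-commands "(file*|test*)";
}
class read-only-plus {
    permissions [ admin interface network routing snmp system view firewall ];
    deny-commands "(file*|test*)";
}
class noc-edit {
    permissions [ view interface-control configure ];
}
"""

# Assumption: what counts as "more than read-only" is this example's choice.
# Junos "<area>-control" flags permit changing that area; the others listed
# here grant configuration mode, shell or full access.
WRITE_FLAGS = {"all", "configure", "control", "maintenance", "shell"}

# Assumes flat class stanzas (no nested braces), as in the message.
CLASS_RE = re.compile(r"class\s+(\S+)\s*\{(.*?)\}", re.S)
PERM_RE = re.compile(r"permissions\s+(?:\[([^\]]*)\]|(\S+))\s*;")

def parse_classes(text):
    """Return {class name: set of permission flags}."""
    classes = {}
    for name, body in CLASS_RE.findall(text):
        m = PERM_RE.search(body)
        flags = (m.group(1) or m.group(2) or "").split() if m else []
        classes[name] = set(flags)
    return classes

def extra_flags(text, base, other):
    """Flags that `other` has and `base` lacks: the config areas only `other` sees."""
    classes = parse_classes(text)
    return sorted(classes[other] - classes[base])

def audit(text):
    """Return {class name: flags that grant more than viewing}."""
    return {name: sorted(f for f in flags if f in WRITE_FLAGS or f.endswith("-control"))
            for name, flags in parse_classes(text).items()}

if __name__ == "__main__":
    print("read-only-plus adds:", extra_flags(SAMPLE, "read-only", "read-only-plus"))
    for name, risky in audit(SAMPLE).items():
        print(name, "->", risky or "view-only flags")
```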