[j-nsp] Re: TACACS+ authorization

[Kanagaraj Krishna]

Hi,
     I'm currently working on configuring the user authorization for user access into our m7i router. I'm used to the cisco privilege command, but having some trouble with juniper command hierarchy. Most of the permission bit for access privilege levels are not specific (refered to Juniper site). The authorization that i want set for these user is specifically only allow:

- ping
- traceroute
- exit
- sh config (interface and routing protocols only)
- sh interface 
- monitor interface
- configuring specific interfaces only

It would be appreciated if anyone could suggest some examples or reference in doing this. Another question would be, what are the pros and cons of controlling authorization on the router (user template) compared to the aaa server config. Thanks.

Regards,
Kana