Examples Using Privilege Group Membership - Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - SYSTEM BASICS CONFIGURATION GUIDE 2010-10-04 Configuration Manual
Software for e series broadband services routers system basics configuration guide
Hide thumbs
Also See for JUNOSE SOFTWARE FOR E SERIES 11.3.X - SYSTEM BASICS CONFIGURATION GUIDE 2010-10-04:
- Configuration manual (304 pages) ,
- Reference manual (284 pages)
Table of Contents
Advertisement
JunosE 11.3.x System Basics Configuration Guide
Examples Using Privilege Group Membership
Example 1
Example 2
Example 3
50
For hierarchical groups, groups 0 through 14 are reachable from privilege group 15, groups
0 through 13 are reachable from privilege group 14, groups 0 to 4 are reachable from 5,
and so forth. Hierarchical groups can also contain other privilege groups. For example,
group A is reachable from group B if group A is a member of group B or is a member of a
group that is a member of group B. If group X has member Y and Y has member Z then
Z is reachable from X.
You cannot configure circular dependencies. For example, you cannot configure a circular
dependency where group X has member Y, Y has member Z, Z has member P, and X can
reach Z and P. Group X cannot have member Z or P because Z and P are reachable
through Y.
In each of the following examples, privilege groups are at the default setting, where
privilege group 0 is reachable from every privilege group, 15 contains 14, 14 contains 13,
13 contains 12, and so forth. The commands in each example change the privilege group
settings from the default.
host1(config)#privilege-group membership clear 11
host1(config)#privilege-group membership 15 add 10
In Example 1:
Privilege group 11 does not contain any privilege groups
Privilege group 15 contains group 10. Therefore, privilege group 10 and all groups
contained or reachable from privilege group 10 are now reachable from privilege group
15.
Because privilege group 15 already contains privilege group 14, all groups with the
exception of privilege group 11 are reachable from privilege group 15.
A command that is in privilege group 11 can only be executed by a user at privilege 11.
A user at any other privilege does not have access to privilege group 11 commands.
host1(config)#privilege-group membership 14 remove 13
In Example 2:
Privilege group 14 does not contain any privilege groups.
Privilege group 15 contains two groups: 14 and 10. The privilege groups 0, 1, 2, 4, 5, 6, 7,
8, 9, 10, and 14 are reachable from privilege group 15.
A user at privilege 15 does not have access to commands in privilege groups 11, 12, or
13.
host1(config)#privilege-group membership clear 13
host1(config)#privilege-group membership 13 add 10
In Example 3:
Commands are executed in the following sequence: 15 contains 14, 14 contains 13, 13
contains 12, and so forth,
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Table of Contents
Troubleshooting
Need help?
Do you have a question about the JUNOSE SOFTWARE FOR E SERIES 11.3.X - SYSTEM BASICS CONFIGURATION GUIDE 2010-10-04 and is the answer not in the manual?
Questions and answers