Setting Privileges For Ambiguous Commands - Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - SYSTEM BASICS CONFIGURATION GUIDE 2010-10-04 Configuration Manual

Setting Privileges for Ambiguous Commands

Copyright © 2010, Juniper Networks, Inc.
desired privilege level stops and allows any keyword options that may follow in the
command sequence. The algorithm then waits for a carriage return before looking at the
next command sequence.
For example, you can change the command privilege level for the telnet command.
However, because the telnet command is immediately followed by a variable (that is, a
hostname or IP address) and not a keyword, you cannot change the privilege level for
any keywords that follow the command.
host1#telnet ?
HOSTNAME or A.B.C.D The ip address of the remote system
host1#telnet router2 ?
<0 - 65535> The port on which to send the request
bgp Border Gateway Protocol (179)
chargen Character generator (19)
cmd Remote commands (rcmd, 514)
The privilege command allows you to set command privilege levels for parts of commands
that the CLI would normally consider ambiguous. In other words, you can set privilege
levels by specifying letters that represent only the beginning part of a command or group
of commands (even the first letter of a command or group of commands).
The following example sets the privilege level to 12 for any Exec mode (user or privileged)
command that start with the letter " t" :
host1(config)#privilege exec level 12 t
The list of affected commands includes telnet, terminal, test, and traceroute.
The following example changes all the above commands, with the exception of the
traceroute command, to level 15:
host1(config)#privilege exec level 15 te
The following example changes all commands that start with the letters " te" (for example,
telnet, terminal, and test) and any second keyword that starts with the letter " i" and
follows a command that starts with the letters " te" (for example, the keyword " ip" in
the command test ip) to level 1:
host1(config)#privilege exec level 1 te i
When you enter an ambiguous command and an exact match of the command is found,
partial matches are ignored and are not modified.
For example, the traffic-class and traffic-class-group commands are available in Global
Configuration mode. If you issue the privilege configure level 5 traffic-class command,
an exact match is made to traffic-class, and traffic-class-group is not modified.
If you want to set the privilege level for both traffic-class and traffic-class-group and
you do not want the exact match to be made to traffic-class, issue a partial command
such as traffic-c. The privilege level of all commands that begin with traffic-c is modified.
Chapter 2: Command-Line Interface
55