Create your own class is probably the easiest since you have total control over
what they can or can't do. You could do something simple like this:
class RO-USERS {
permissions [ view view-configuration ];
Just depends on what you want to accomplish. You can then further lock it down
so they can only view certain interface types, etc. with the deny and
deny-configuration command options.
Good luck,
-Jeff
On Feb 4, 2010, at 9:14 AM, matthew zeier wrote:
> Not clear how to create a dumbed down read-only user who can just view the
> config.
>
> In a Cisco world I'd use "privilege exec level" . In JunOS, a read-only
> class can't run "show configuration".
>
> What's the nugget of info I'm missing?
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
