Create your own class is probably the easiest since you have total control over what they can or can't do. You could do something simple like this:
class RO-USERS { permissions [ view view-configuration ]; Just depends on what you want to accomplish. You can then further lock it down so they can only view certain interface types, etc. with the deny and deny-configuration command options. Good luck, -Jeff On Feb 4, 2010, at 9:14 AM, matthew zeier wrote: > Not clear how to create a dumbed down read-only user who can just view the > config. > > In a Cisco world I'd use "privilege exec level" . In JunOS, a read-only > class can't run "show configuration". > > What's the nugget of info I'm missing? > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp