Junos
Highlighted
Junos

User Access Help

‎11-05-2016 11:01 AM

Hi,

 

Is there a way to block certain command outputs from appearing for specific user classes?  For example, I want users to be able to use the show routes command, but I don't want them to see certain routes like "1.1.1.1/24", so when they do a show route, the routes that involve 1.1.1.1/24 will not appear in their output for that command.

 

Thanks!

2 REPLIES 2
Highlighted
Junos

Re: User Access Help

‎11-09-2016 01:48 AM

Hi Gourami,

 

This will involve some specific configuration changes from your end.

You can use the below kb and follow the suggestions to achieve what you are looking for;

https://kb.juniper.net/InfoCenter/index?page=content&id=KB30998&actp=RSS&smlogin=true

 

Shailesh
[KUDOS PLEASE! If you think I earned it!
If this solution worked for you please flag my post as an "Accepted Solution" so others can benefit..]
Highlighted
Junos

Re: User Access Help

‎11-12-2016 10:57 AM

No, you cannot restrict access in Junos based on data output.

 

the security model for user access is based on the hierarchy of the configuration or the access to the commands themselves.  Once you have access to the command at that level you will see the results of the command.

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
Feedback