Re: What permissions does a class need to change the root-authentication password?
You need a super-user to change the root password. The "secret-control" does say that it can change password but it cannot change the root password.
>set system login user test class super-user
As per the Juniper document:
access to the root directory is restricted by default to a predefined user account known as root user. The root user (also referred to as superuser) has unrestricted access and full permissions within the system. The expression “log in as root” is commonly used when an action requires you to log into the device as the root user.