{"id":932,"date":"2015-08-17T18:49:31","date_gmt":"2015-08-17T18:49:31","guid":{"rendered":"https:\/\/fir3netwp.gmsrrpobkbd.com\/2015\/08\/17\/juniper-srx-how-to-create-a-readonly-account\/"},"modified":"2021-07-31T11:45:40","modified_gmt":"2021-07-31T11:45:40","slug":"juniper-srx-how-to-create-a-readonly-account","status":"publish","type":"post","link":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-how-to-create-a-readonly-account.html","title":{"rendered":"Juniper SRX &#8211; How to Create a ReadOnly Account"},"content":{"rendered":"<p>Within this article we will provide the necessary commands required to create a read-only account on a Juniper SRX. Within our example a user is created with the following attributes,<\/p>\n<ul>\n<li>A user with the username of &#8216;<strong>user1<\/strong>&#8216;.<\/li>\n<li><strong>ONLY allowed<\/strong> to use the <span class=\"codeinline\">show command<\/span>.<\/li>\n<li>SNMP configuration is <strong>REMOVED<\/strong> from the configuration output.<\/li>\n<li>The <span class=\"codeinline\">policy-options<\/span> and <span class=\"codeinline\">security address-book<\/span> output is <strong>REMOVED<\/strong> from the configuration output.<\/li>\n<\/ul>\n<h2>Configuration<\/h2>\n<p>The configuration is pretty simple. A class is first created which defines what the user can do. Finally a user is then created and the class assigned.<\/p>\n<p>Here is a breakdown of the class,<\/p>\n<ul>\n<li><strong>permissions<\/strong> &#8211; defines what contexts the user is allowed permission to. In this case it is everything other then SNMP.<\/li>\n<li><strong>allow-commands<\/strong> &#8211; defines what commands the user is permitted to perform under the contexts.<\/li>\n<li><strong>deny-commands<\/strong> &#8211; defines what commands the user is not permitted to perform under the contexts<\/li>\n<li><strong>deny-configuration<\/strong> &#8211; defines what configuration is excluded from the configuration output. i.e actual address books could be excluded via <span class=\"codeinline\">deny-configuration &#8220;(security address-book global address-set MGMT-IPS)&#8221;<\/span>;<\/li>\n<\/ul>\n<pre class=\"prettyprint\">login {\r\n\u00a0\u00a0\u00a0 class user1 {\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 permissions [ admin interface routing security system ];\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 allow-commands show; \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 deny-commands \"(clear)|(file)|(file show)|(help)|(load)|(monitor)|(op)|(request)|(save)\r\n|(set)|(start)|(user1)\";\r\n        deny-configuration \"(policy-options)|(security address-book)\";  \r\n\u00a0\u00a0\u00a0 } \r\n\u00a0\u00a0\u00a0 user user1 { \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 uid 2007; \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 class user1; \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 authentication { \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 encrypted-password \"$1$u.5scwBy$wzCJgOIqu8LvIjB9CJco70\"; ## SECRET-DATA \r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 } \r\n\u00a0\u00a0\u00a0 } \r\n  }<\/pre>\n<h2>Commands<\/h2>\n<p>The actual commands to configure the above are shown below,<\/p>\n<pre class=\"prettyprint\">set system login class user1 permissions admin\r\nset system login class user1 permissions interface\r\nset system login class user1 permissions routing\r\nset system login class user1 permissions security\r\nset system login class user1 permissions system\r\nset system login class user1 allow-commands show\r\nset system login class user1 deny-commands \"(clear)|(file)|(file show)|(help)|(load)|(monitor)\r\n|(op)|(request)|(save)|(set)|(start)|(user1)\"\r\nset system login class user1 deny-configuration \"(policy-options)|(security address-book)\"\r\n\r\nset system login user user1 uid 2007\r\nset system login user user1 class user1\r\nset system login user user1 authentication plain-text-password \/\/ prompts you to enter password<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Within this article we will provide the necessary commands required to create a read-only account on a Juniper SRX. Within our example a user is created with the following attributes, A user with the username of &#8216;user1&#8216;. ONLY allowed to use the show command. SNMP configuration is REMOVED from the configuration output. The policy-options and &#8230; <a title=\"Juniper SRX &#8211; How to Create a ReadOnly Account\" class=\"read-more\" href=\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-how-to-create-a-readonly-account.html\" aria-label=\"Read more about Juniper SRX &#8211; How to Create a ReadOnly Account\">Read more<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Juniper SRX - How to Create a ReadOnly Account - Fir3net<\/title>\n<meta name=\"description\" content=\"Within this article we will provide the necessary commands required to create a read-only account on a Juniper SRX. Within our example a user is created\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-how-to-create-a-readonly-account.html\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Juniper SRX - How to Create a ReadOnly Account - Fir3net\" \/>\n<meta property=\"og:description\" content=\"Within this article we will provide the necessary commands required to create a read-only account on a Juniper SRX. Within our example a user is created\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-how-to-create-a-readonly-account.html\" \/>\n<meta property=\"og:site_name\" content=\"Fir3net\" \/>\n<meta property=\"article:published_time\" content=\"2015-08-17T18:49:31+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-07-31T11:45:40+00:00\" \/>\n<meta name=\"author\" content=\"Rick Donato\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Rick Donato\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-how-to-create-a-readonly-account.html#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-how-to-create-a-readonly-account.html\"},\"author\":{\"name\":\"Rick Donato\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037\"},\"headline\":\"Juniper SRX &#8211; How to Create a ReadOnly Account\",\"datePublished\":\"2015-08-17T18:49:31+00:00\",\"dateModified\":\"2021-07-31T11:45:40+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-how-to-create-a-readonly-account.html\"},\"wordCount\":194,\"publisher\":{\"@id\":\"https:\/\/www.fir3net.com\/#organization\"},\"articleSection\":[\"Juniper Firewalls\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-how-to-create-a-readonly-account.html\",\"url\":\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-how-to-create-a-readonly-account.html\",\"name\":\"Juniper SRX - How to Create a ReadOnly Account - Fir3net\",\"isPartOf\":{\"@id\":\"https:\/\/www.fir3net.com\/#website\"},\"datePublished\":\"2015-08-17T18:49:31+00:00\",\"dateModified\":\"2021-07-31T11:45:40+00:00\",\"description\":\"Within this article we will provide the necessary commands required to create a read-only account on a Juniper SRX. Within our example a user is created\",\"breadcrumb\":{\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-how-to-create-a-readonly-account.html#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-how-to-create-a-readonly-account.html\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-how-to-create-a-readonly-account.html#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.fir3net.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security\",\"item\":\"https:\/\/www.fir3net.com\/security\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Firewalls\",\"item\":\"https:\/\/www.fir3net.com\/security\/firewalls\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Juniper Firewalls\",\"item\":\"https:\/\/www.fir3net.com\/security\/firewalls\/juniper\"},{\"@type\":\"ListItem\",\"position\":5,\"name\":\"Juniper SRX &#8211; How to Create a ReadOnly Account\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.fir3net.com\/#website\",\"url\":\"https:\/\/www.fir3net.com\/\",\"name\":\"Fir3net\",\"description\":\"Keeping you in the know\",\"publisher\":{\"@id\":\"https:\/\/www.fir3net.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.fir3net.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.fir3net.com\/#organization\",\"name\":\"Fir3net\",\"url\":\"https:\/\/www.fir3net.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png\",\"contentUrl\":\"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png\",\"width\":390,\"height\":88,\"caption\":\"Fir3net\"},\"image\":{\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037\",\"name\":\"Rick Donato\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.fir3net.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g\",\"caption\":\"Rick Donato\"},\"description\":\"Rick Donato is a Network Automation Architect\/Evangelist and the founder of Packet Coders.\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Juniper SRX - How to Create a ReadOnly Account - Fir3net","description":"Within this article we will provide the necessary commands required to create a read-only account on a Juniper SRX. Within our example a user is created","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-how-to-create-a-readonly-account.html","og_locale":"en_US","og_type":"article","og_title":"Juniper SRX - How to Create a ReadOnly Account - Fir3net","og_description":"Within this article we will provide the necessary commands required to create a read-only account on a Juniper SRX. Within our example a user is created","og_url":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-how-to-create-a-readonly-account.html","og_site_name":"Fir3net","article_published_time":"2015-08-17T18:49:31+00:00","article_modified_time":"2021-07-31T11:45:40+00:00","author":"Rick Donato","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Rick Donato","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-how-to-create-a-readonly-account.html#article","isPartOf":{"@id":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-how-to-create-a-readonly-account.html"},"author":{"name":"Rick Donato","@id":"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037"},"headline":"Juniper SRX &#8211; How to Create a ReadOnly Account","datePublished":"2015-08-17T18:49:31+00:00","dateModified":"2021-07-31T11:45:40+00:00","mainEntityOfPage":{"@id":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-how-to-create-a-readonly-account.html"},"wordCount":194,"publisher":{"@id":"https:\/\/www.fir3net.com\/#organization"},"articleSection":["Juniper Firewalls"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-how-to-create-a-readonly-account.html","url":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-how-to-create-a-readonly-account.html","name":"Juniper SRX - How to Create a ReadOnly Account - Fir3net","isPartOf":{"@id":"https:\/\/www.fir3net.com\/#website"},"datePublished":"2015-08-17T18:49:31+00:00","dateModified":"2021-07-31T11:45:40+00:00","description":"Within this article we will provide the necessary commands required to create a read-only account on a Juniper SRX. Within our example a user is created","breadcrumb":{"@id":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-how-to-create-a-readonly-account.html#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-how-to-create-a-readonly-account.html"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-how-to-create-a-readonly-account.html#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.fir3net.com\/"},{"@type":"ListItem","position":2,"name":"Security","item":"https:\/\/www.fir3net.com\/security"},{"@type":"ListItem","position":3,"name":"Firewalls","item":"https:\/\/www.fir3net.com\/security\/firewalls"},{"@type":"ListItem","position":4,"name":"Juniper Firewalls","item":"https:\/\/www.fir3net.com\/security\/firewalls\/juniper"},{"@type":"ListItem","position":5,"name":"Juniper SRX &#8211; How to Create a ReadOnly Account"}]},{"@type":"WebSite","@id":"https:\/\/www.fir3net.com\/#website","url":"https:\/\/www.fir3net.com\/","name":"Fir3net","description":"Keeping you in the know","publisher":{"@id":"https:\/\/www.fir3net.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.fir3net.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.fir3net.com\/#organization","name":"Fir3net","url":"https:\/\/www.fir3net.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png","contentUrl":"https:\/\/www.fir3net.com\/wp-content\/uploads\/Fir3net-Background-Logo-compressed.png","width":390,"height":88,"caption":"Fir3net"},"image":{"@id":"https:\/\/www.fir3net.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.fir3net.com\/#\/schema\/person\/ab35009601b7687ee1c5310be6038037","name":"Rick Donato","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.fir3net.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d75d69a54c0ca3b32c24c3a9703b623c?s=96&d=mm&r=g","caption":"Rick Donato"},"description":"Rick Donato is a Network Automation Architect\/Evangelist and the founder of Packet Coders."}]}},"_links":{"self":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/posts\/932"}],"collection":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/comments?post=932"}],"version-history":[{"count":0,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/posts\/932\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/media?parent=932"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/categories?post=932"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.fir3net.com\/wp-json\/wp\/v2\/tags?post=932"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}