{"id":932,"date":"2015-08-17T18:49:31","date_gmt":"2015-08-17T18:49:31","guid":{"rendered":"https:\/\/fir3netwp.gmsrrpobkbd.com\/2015\/08\/17\/juniper-srx-how-to-create-a-readonly-account\/"},"modified":"2021-07-31T11:45:40","modified_gmt":"2021-07-31T11:45:40","slug":"juniper-srx-how-to-create-a-readonly-account","status":"publish","type":"post","link":"https:\/\/www.fir3net.com\/Firewalls\/Juniper\/juniper-srx-how-to-create-a-readonly-account.html","title":{"rendered":"Juniper SRX – How to Create a ReadOnly Account"},"content":{"rendered":"
Within this article we will provide the necessary commands required to create a read-only account on a Juniper SRX. Within our example a user is created with the following attributes,<\/p>\n
The configuration is pretty simple. A class is first created that defines what the user can do. A user is then created and assigned that class.<\/p>\n
Here is a breakdown of the class and the user:<\/p>\n
login {\r\n\u00a0\u00a0\u00a0 class user1 {\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 permissions [ admin interface routing security system ];\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 allow-commands show;\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 deny-commands \"(clear)|(file)|(file show)|(help)|(load)|(monitor)|(op)|(request)|(save)|(set)|(start)|(user1)\";\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 deny-configuration \"(policy-options)|(security address-book)\";\r\n\u00a0\u00a0\u00a0 }\r\n\u00a0\u00a0\u00a0 user user1 {\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 uid 2007;\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 class user1;\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 authentication {\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 encrypted-password \"$1$u.5scwBy$wzCJgOIqu8LvIjB9CJco70\"; ## SECRET-DATA\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 }\r\n\u00a0\u00a0\u00a0 }\r\n}<\/pre>\nCommands<\/h2>\n
The commands to configure the above are shown below:<\/p>\n
set system login class user1 permissions admin\r\nset system login class user1 permissions interface\r\nset system login class user1 permissions routing\r\nset system login class user1 permissions security\r\nset system login class user1 permissions system\r\nset system login class user1 allow-commands show\r\nset system login class user1 deny-commands \"(clear)|(file)|(file show)|(help)|(load)|(monitor)|(op)|(request)|(save)|(set)|(start)|(user1)\"\r\nset system login class user1 deny-configuration \"(policy-options)|(security address-book)\"\r\n\r\nset system login user user1 uid 2007\r\nset system login user user1 class user1\r\nset system login user user1 authentication plain-text-password \/\/ prompts you to enter password<\/pre>\n","protected":false},"excerpt":{"rendered":"Within this article we will provide the necessary commands required to create a read-only account on a Juniper SRX. Within our example a user is created with the following attributes, A user with the username of ‘user1‘. ONLY allowed to use the show command. SNMP configuration is REMOVED from the configuration output. The policy-options and … Read more<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16],"tags":[],"yoast_head":"\n