Hi experts!
I have created a custom login class 'WEB1" to restrict the commands and the configuration changes to be made by a particular user. The commands work exactly as expected when the user logs in using CLI but when we try to execute/ configure the same commands on J-Web we are getting a permission denied error message.
Below is the login class I created for the user pavan :
====================================
set system login class WEB1 permissions configure
set system login class WEB1 permissions interface
set system login class WEB1 permissions interface-control
set system login class WEB1 permissions security
set system login class WEB1 permissions system
set system login class WEB1 allow-commands "(ping .*)|(traceroute .*)|(show .*)|(configure .*)|(exit)|(commit)|(rollback .*)|(request system .* .* .*)"
set system login class WEB1 allow-configuration "(system name-server .*) | (interfaces ge-0/0/0.0 .* .* .* .* .* .*) | (routing-options static route .* .* .* .*)"
set system login class WEB1 deny-configuration .*
I am basically allowing a bunch of show-commands and giving the user an explicit ability to modify the interface ge-0/0/0.0 , change the DNS server IP and set the default static route.
All of these are successfully done on CLI but when we try to implement the same on GUI, it says permission denied.
Example :
I try to set the IP address of ge-0/0/0.0 on CLI using the command :
set interfaces ge-0/0/0 unit 0 family inet address 1.1.1.1/29
it worked fine without a problem and I was able to commit. I tried implementing the same on J-Web, it says "permission denied."
Please help.
Thanking you.
Regards,
Pavan Katakam