RADIUS Attributes for Admin Privileges
Knowledge Base ID: KB5688
Version: 4.0
Published: 14 May 2009
Updated: 14 May 2009
Categories: Firewall/IPSec_VPN, ScreenOS, RADIUS

Synopsis:
What Are the Attributes for Admin Privileges? The list below will assist in differentiating between a User and an Administrator who has been authenticated via RADIUS.

Problem:

Solution:

In ScreenOS, RADIUS authentication supports RADIUS attributes for everything except usernames, passwords, and IP addresses (this is the standard behavior for XAuth and L2TP).

The following shows the supported admin privilege attribute values:

Privilege Level                                                          Value
ROOT (requires VSA#2 VSYS Name 'ROOT'; supported in ScreenOS 6.x only)    1
All (Read-Write)                                                           2
VSYS_ADMIN (requires VSA#2 VSYS Name)                                      3
Read_only                                                                  4
VSYS_Read_only (requires VSA#2 VSYS Name)                                  5


For RADIUS Server Dictionary files:

For ScreenOS MIBs and dictionary files:
http://www.juniper.net/techpubs/software/index_mibs.html

For Funk / Steel Belt Radius:
http://www.juniper.net/techpubs/software/screenos/screenos6.2.0/6.2.0.radius.netscreen.zip

For Cisco ACS:
http://www.juniper.net/customers/csc/research/netscreen_kb/downloads/dictionary/cisco_radius.zip


ROOT Admin Privilege Notes:

  • The ROOT admin privilege level is not supported in ScreenOS 5.4 and below.  It is supported in ScreenOS 6.0 and above.
  • If using the ScreenOS dictionary files, use the ScreenOS 6.2.0 RADIUS dictionary file (for ScreenOS 6.x), as it has the ROOT attribute.  The ScreenOS 6.0.0 RADIUS dictionary file does not have the ROOT attribute.

6.2.0.radius.netscreen.zip (netscreen.dct)
# For Admin Privileges
# READ_WRITE (ALL): 2, VSYS_ADMIN: 3, READ_ONLY: 4, VSYS_READ_ONLY: 5
ATTRIBUTE NS-Admin-Privilege 26 [vid=3224 type1=1 len1=+2 data=int4] r
VALUE NS-Admin-Privilege ROOT 1
VALUE NS-Admin-Privilege READ_WRITE 2
VALUE NS-Admin-Privilege VSYS_ADMIN 3
VALUE NS-Admin-Privilege READ_ONLY 4
VALUE NS-Admin-Privilege VSYS_READ_ONLY 5

6.0.0.radius.netscreen.zip (netscreen.dct)
# For Admin Privileges
# READ_WRITE (ALL): 2, VSYS_ADMIN: 3, READ_ONLY: 4, VSYS_READ_ONLY: 5
ATTRIBUTE NS-Admin-Privilege 26 [vid=3224 type1=1 len1=+2 data=int4] r
VALUE NS-Admin-Privilege READ_WRITE 2
VALUE NS-Admin-Privilege VSYS_ADMIN 3
VALUE NS-Admin-Privilege READ_ONLY 4
VALUE NS-Admin-Privilege VSYS_READ_ONLY 5
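
The following is an added example, not part of this KB article or of any Juniper software: it encodes and decodes the NS-Admin-Privilege attribute as the dictionary excerpt above defines it (RADIUS Vendor-Specific attribute 26, vendor id 3224, sub-type 1, 4-byte integer) and then applies the rules from the privilege table and the ROOT notes, so that an Access-Accept can be checked for the privilege level it would actually grant. The VSA#2 VSYS Name is assumed to be a plain string sub-attribute of the same vendor; the `screenos_major` parameter is a hypothetical input standing in for the firewall's ScreenOS version.

```python
import struct

VENDOR_ID = 3224                 # vid from the netscreen.dct excerpt above
SUB_ADMIN_PRIVILEGE = 1          # NS-Admin-Privilege: type1=1, data=int4
SUB_VSYS_NAME = 2                # "VSA#2 VSYS Name" from the table (assumed plain string)
PRIVILEGE_NAMES = {1: "ROOT", 2: "READ_WRITE", 3: "VSYS_ADMIN", 4: "READ_ONLY", 5: "VSYS_READ_ONLY"}
NEEDS_VSYS_NAME = {1, 3, 5}      # levels the table marks "requires VSA#2 VSYS Name"

def encode_vsa(sub_type, payload):
    """One RFC 2865 Vendor-Specific (26) attribute holding a single NetScreen sub-attribute."""
    sub = struct.pack("!BB", sub_type, 2 + len(payload)) + payload
    return struct.pack("!BBI", 26, 6 + len(sub), VENDOR_ID) + sub

def encode_admin_privilege(level):
    return encode_vsa(SUB_ADMIN_PRIVILEGE, struct.pack("!I", level))

def encode_vsys_name(name):
    return encode_vsa(SUB_VSYS_NAME, name.encode())

def parse_netscreen_vsas(attrs):
    """Walk a RADIUS attribute list (bytes) and collect NetScreen sub-attributes by sub-type."""
    found, i = {}, 0
    while i + 2 <= len(attrs):
        atype, alen = attrs[i], attrs[i + 1]
        if alen < 2 or i + alen > len(attrs):
            raise ValueError("malformed RADIUS attribute length")
        if atype == 26 and alen >= 6 and struct.unpack("!I", attrs[i + 2:i + 6])[0] == VENDOR_ID:
            j = i + 6
            while j + 2 <= i + alen:
                stype, slen = attrs[j], attrs[j + 1]
                if slen < 2 or j + slen > i + alen:
                    raise ValueError("malformed vendor sub-attribute length")
                found[stype] = attrs[j + 2:j + slen]
                j += slen
        i += alen
    return found

def admin_privilege(attrs, screenos_major=6):
    """Privilege name the Access-Accept would grant under the table's rules, or None."""
    vsas = parse_netscreen_vsas(attrs)
    raw = vsas.get(SUB_ADMIN_PRIVILEGE)
    if raw is None or len(raw) != 4:
        return None                                  # no (or malformed int4) privilege attribute
    level = struct.unpack("!I", raw)[0]
    vsys = vsas.get(SUB_VSYS_NAME, b"").decode("ascii", "replace")
    if level not in PRIVILEGE_NAMES or (level in NEEDS_VSYS_NAME and not vsys):
        return None                                  # unknown value, or VSYS Name missing
    if level == 1 and (screenos_major < 6 or vsys != "ROOT"):
        return None                                  # ROOT: 6.x only, VSYS Name must be 'ROOT'
    return PRIVILEGE_NAMES[level]
```

The constructed attribute strings below are the only input; on a real server the bytes would come from the Access-Accept packet's attribute section.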

Purpose:
Troubleshooting