Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

What type of user permissions are required for users on a Junos device to manage it via Junos Space ServiceNow?

0

0

Article ID: KB21884 KB Last Updated: 16 May 2017Version: 5.0
Summary:

This article explains the required permission settings for users on a Junos device to manage it via Junos Space ServiceNow Application.

Note: These are restrictive permissions, and are the minimum for ServiceNow / Service Insight / AI-Scripts functionality.  Other permissions are required for other Junos Space Functions, or installed Junos Space Applications.

Symptoms:

The permission settings required for users on a Junos device to manage it via Junos Space Service Now.

Solution:

The permissions needed for a Junos Space Service Now user to manage a Junos device are listed below.

These permissions allow users to perform ServiceNow tasks such as install/uninstall AI-Scripts, pick and delete JMBs that are created on the device, and obtain the configuration from the device, when out-of-band changes are made.

test@MX80-SN-3> show cli authorization
Current user: 'test ' class 'servicenow'
Permissions:
configure -- Can enter configuration mode
field -- Can use field debug commands
network -- Can access the network
shell -- Can start a local shell
system -- Can view system configuration
view -- Can view current values and statistics
maintenance -- Can become the super-user
Individual command authorization:
Allow regular expression: ((apply-groups juniper-ais))| ((request system software))| ((request system script))| ((stream))| ((text-pattern))| ((file copy))| ((ping)) | ((ftp))|((file))
Deny regular expression: none
Allow configuration regular expression: (system services)|(system syslog)|(system scripts)|(groups juniper-ais)|(event-options)| (system commit synchronize)|(ftp)|(snmp)
Deny configuration regular expression: ((protocols)|(routing-instances)|(policy-options)|(services))

 
CLI Commands
set
system login class servicenow permissions configure
set system login class servicenow permissions field
set system login class servicenow permissions maintenance
set system login class servicenow permissions network
set system login class servicenow permissions shell
set system login class servicenow permissions system
set system login class servicenow permissions view
set system login class servicenow allow-commands "((apply-groups juniper-ais))| ((request system software))| ((request system script))| ((stream))| ((text-pattern))| ((file copy))| ((ping)) | ((ftp))|((file))"
set system login class servicenow allow-configuration "(system services)|(system syslog)|(system scripts)|(groups juniper-ais)|(event-options)| (system commit synchronize)|(ftp)|(snmp)"
set system login class servicenow deny-configuration "((protocols)|(routing-instances)|(policy-options)|(services))"
set system login user test class servicenow

 
Modification History:

05-15-2017: Updated to focus on ServiceNow requirements, not Junos Space as a whole.

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search