There are three steps to this.
- Create a logical system
- Create a user class bound to the logical system
- Create a user with the class
Here is a very incomplete example:
```
set logical-systems lsys1
set system login class lsys1-class logical-system lsys1
set system login user lsys1-admin class lsys1-class
```
Obviously you need to configure the rest of the parameters for the logical-system as well as any additional class or user authentication and authorization.
By simply assigning a user to a class assigned to a logical-system, you are restricting the user to the lsys.
The master administrator can assign one or more system administrators to each logical system. Logical system administrators are confined to the context of the logical system to which they are assigned. This means that logical system administrators cannot access any global configuration statements. This also means that command output is restricted to the context to which the logical system administrators are assigned.
For more, here's a link to Juniper's documentation on configuring users and permission levels for logical systems.
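To check that the binding described above is in place for every account, the following added example (not part of the original answer or of Juniper's documentation) parses `show configuration | display set` output and reports which login users are confined to a logical system and which still have global scope. The sample configuration is constructed; only the `lsys1`, `lsys1-class` and `lsys1-admin` names come from the answer, and the `DANGLING` status is this script's own label.

```python
import re

# Constructed sample of `show configuration | display set` output.
SAMPLE = """\
set system login class lsys1-class logical-system lsys1
set system login class lsys1-class permissions all
set system login class lsys2-class logical-system lsys2
set system login class noc-class permissions view
set system login user lsys1-admin class lsys1-class
set system login user lsys2-admin class lsys2-class
set system login user noc-user class noc-class
set system login user root-admin class super-user
set logical-systems lsys1 interfaces ge-0/0/1 unit 0
"""

CLASS_LSYS = re.compile(r"^set system login class (\S+) logical-system (\S+)")
USER_CLASS = re.compile(r"^set system login user (\S+) class (\S+)")
LSYS_DEF = re.compile(r"^set logical-systems (\S+)")

def audit_login_scope(config_text):
    """Map each login user to (status, detail) based on its class binding."""
    class_to_lsys, user_to_class, defined = {}, {}, set()
    for line in config_text.splitlines():
        line = line.strip()
        if m := CLASS_LSYS.match(line):
            class_to_lsys[m.group(1)] = m.group(2)
        elif m := USER_CLASS.match(line):
            user_to_class[m.group(1)] = m.group(2)
        elif m := LSYS_DEF.match(line):
            defined.add(m.group(1))
    report = {}
    for user, cls in sorted(user_to_class.items()):
        lsys = class_to_lsys.get(cls)
        if lsys is None:
            # Class carries no logical-system statement: user is not confined.
            report[user] = ("GLOBAL", cls)
        elif lsys not in defined:
            # Class points at a logical system with no configuration in this text.
            report[user] = ("DANGLING", lsys)
        else:
            report[user] = ("CONFINED", lsys)
    return report

if __name__ == "__main__":
    for user, (status, detail) in audit_login_scope(SAMPLE).items():
        print(f"{user:12} {status:9} {detail}")
```

Any account reported as `GLOBAL` that was meant to be a logical system administrator is missing the class binding from the second step.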