Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Create a rule allowing all operations on /show/ip for the protoadmin group.

Code Block
danos@R1#setdanos@R1# set system acm operational-ruleset rule 10 action 'allow'
danos@R1# danos@R1#setset system acm operational-ruleset rule 10 command '/show/ip/*'
danos@R1# danos@R1#setset system acm operational-ruleset rule 10 group 'protoadmin'

Create a rule allowing all operations on /show/interfaces for the protoadmin group.

Code Block
danos@R1#setdanos@R1# set system acm operational-ruleset rule 20 action 'allow'
danos@R1# danos@R1#setset system acm operational-ruleset rule 20 command '/show/interfaces/*'
danos@R1# danos@R1#setset system acm operational-ruleset rule 20 group 'protoadmin'

Create a rule allowing all operations on /configure for the protoadmin group.

Code Block
danos@R1#setdanos@R1# set system acm operational-ruleset rule 30 action 'allow'
danos@R1# danos@R1#setset system acm operational-ruleset rule 30 command '/configure'
danos@R1# danos@R1#setset system acm operational-ruleset rule 30 group 'protoadmin'

Deny all operations on all other paths for the protoadmin group.

Code Block
danos@R1#setdanos@R1# set system acm operational-ruleset rule 40 action 'deny'
danos@R1# danos@R1#setset system acm operational-ruleset rule 40 command '*'
danos@R1# danos@R1#setset system acm operational-ruleset rule 40 group 'protoadmin'

...