...
Create a rule allowing all operations on /show/ip for the protoadmin group.
Code Block |
---|
danos@R1#setdanos@R1# set system acm operational-ruleset rule 10 action 'allow'
danos@R1# danos@R1#setset system acm operational-ruleset rule 10 command '/show/ip/*'
danos@R1# danos@R1#setset system acm operational-ruleset rule 10 group 'protoadmin' |
|
Create a rule allowing all operations on /show/interfaces for the protoadmin group.
Code Block |
---|
danos@R1#setdanos@R1# set system acm operational-ruleset rule 20 action 'allow'
danos@R1# danos@R1#setset system acm operational-ruleset rule 20 command '/show/interfaces/*'
danos@R1# danos@R1#setset system acm operational-ruleset rule 20 group 'protoadmin' |
|
Create a rule allowing all operations on /configure for the protoadmin group.
Code Block |
---|
danos@R1#setdanos@R1# set system acm operational-ruleset rule 30 action 'allow'
danos@R1# danos@R1#setset system acm operational-ruleset rule 30 command '/configure'
danos@R1# danos@R1#setset system acm operational-ruleset rule 30 group 'protoadmin' |
|
Deny all operations on all other paths for the protoadmin group.
Code Block |
---|
danos@R1#setdanos@R1# set system acm operational-ruleset rule 40 action 'deny'
danos@R1# danos@R1#setset system acm operational-ruleset rule 40 command '*'
danos@R1# danos@R1#setset system acm operational-ruleset rule 40 group 'protoadmin' |
|
...