Rule set in operation for the security group
After the security group is created, non members of the group are unable to change the ACM or login information, even if they are members of the administrator group.
Consider two users, secadmin and cosadmin, who belong to the administrator group. Secadmin is a member of the security group. Cosadmin is not a member of the security group.
secadmin@vyatta:~$ configure secadmin@vyatta# set system login user secadmin level superuser secadmin@vyatta# commit
cosadmin@vyatta# set system login user cosadmin level superuser access denied