Rule set in operation
After logging in as a user, the operational mode command options are filtered to allow only what the user can access based on the permissions for the user.
The following example displays the filtered output for a user called john in the protoadmin group. This example shows a subset of operational mode paths to which this user has been given access.
john@vyatta$ <tab>
Possible completions:
configure Enter configure mode
show Show system information
john@vyatta$
The following example shows that the user called john is limited to the specific show commands with access to only the show interfaces and show ip families of commands.
john@vyatta# run show <tab>
Possible completions:
interfaces Show network interface information
ip Show IPv4 routing informationjohn@vyatta$ show <tab>