Vyatta Network OS Documentation

Learn how to install, configure and operate the Vyatta NOS, which helps drive our virtual networking & physical platforms portfolio.

Rule set in operation

After logging in as a user, the configuration command options are filtered to allow only what the user can access based on the permissions for the user. Output from the show command for the user configuration is also filtered.

This section displays the filtered output for a user called john in the protoadmin group. Notice that this user is restricted to the interfaces, policy, and protocols configuration commands as configured in the following example.

john@vyatta# set <tab>
 Possible completions:
 > interfaces   Network interfaces
 > policy       PBR, QoS, & routing policy
 > protocols    Routing protocol parameters

In the following example, the resources, security, service, and system branches of the tree are missing, which indicates that the configuration command options for these branches are not available to the user called john.


[edit]
john@vyatta# show
 interfaces {
     dataplane dp0p2p1 {
         address dhcp
         description "foo bar"
         mtu 1500
     }
     dataplane dp0port2 {
         address dhcp
         mtu 1500
     }
     loopback lo {
     }
 }
policy {
    route {
        route-map test {
            rule 10 {
            action permit
            }
        }
    }
}
protocols {
     static {
         route 198.18.1.2/32 {
             next-hop 198.18.2.3 {
             }
         }
     }
 }
[edit]
john@vyatta#