Rule set in operation
After a user logs in, the configuration command options are filtered so that only the options that the user's permissions allow are available. Output from the show command for the user configuration is also filtered.
This section displays the filtered output for a user called john in the protoadmin group. Notice that this user is restricted to the interfaces, policy, and protocols configuration commands as configured in the following example.
john@vyatta# set <tab>
Possible completions:
> interfaces    Network interfaces
> policy        PBR, QoS, & routing policy
> protocols     Routing protocol parameters
In the following example, the resources, security, service, and system branches of the tree are missing, which indicates that the configuration command options for these branches are not available to the user called john.
[edit]
john@vyatta# show
interfaces {
    dataplane dp0p2p1 {
        address dhcp
        description "foo bar"
        mtu 1500
    }
    dataplane dp0port2 {
        address dhcp
        mtu 1500
    }
    loopback lo {
    }
}
policy {
    route {
        route-map test {
            rule 10 {
                action permit
            }
        }
    }
}
protocols {
    static {
        route 198.18.1.2/32 {
            next-hop 198.18.2.3 {
            }
        }
    }
}
[edit]
john@vyatta#
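To check that a rule set is filtering as intended, the show output captured from a restricted session can be compared with the branches the rule set is meant to allow. The following is an added example, not part of the original documentation or of the product; the function names and the sample capture are assumptions constructed for illustration.

```python
import re
import shlex

# Top-level configuration branches named on this page.
ALL_BRANCHES = {"interfaces", "policy", "protocols",
                "resources", "security", "service", "system"}
PROMPT = re.compile(r"\S+@\S+[#$]")

# Constructed capture modelled on the output above; the brace inside the
# description is added to exercise quoted values.
SAMPLE = '''[edit]
john@vyatta# show
interfaces {
    dataplane dp0p2p1 {
        address dhcp
        description "foo {bar"
    }
}
policy {
    route {
    }
}
protocols {
    static {
    }
}
[edit]
john@vyatta#'''

def top_level_nodes(show_output):
    """Return the depth-0 node names in brace-style show output."""
    depth, nodes = 0, []
    for line in map(str.strip, show_output.splitlines()):
        if not line or line == "[edit]" or PROMPT.match(line):
            continue  # blank line, edit-level marker or CLI prompt
        tokens = shlex.split(line)  # a quoted value stays one token
        if tokens[-1] == "{":
            if depth == 0:
                nodes.append(tokens[0])
            depth += 1
        elif tokens == ["}"]:
            depth -= 1
    if depth != 0:
        raise ValueError("unbalanced braces: capture is truncated")
    return nodes

def audit_visibility(show_output, permitted):
    """Compare what the user can see with what the rule set should allow."""
    visible = set(top_level_nodes(show_output))
    return {"unexpected": sorted(visible - set(permitted)),
            "hidden": sorted(ALL_BRANCHES - visible)}
```

A non-empty "unexpected" list means the session can see a branch that the rule set was supposed to hide.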