After logging in as a user, the operational mode command options are filtered to allow only what the user can access based on the permissions for the user.

The following example displays the filtered output for a user called john in the protoadmin group. This example shows a subset of operational mode paths to which this user has been given access.

john@vyatta$ <tab>
Possible completions:
  configure     Enter configure mode
  show          Show system information
john@vyatta$

The following example shows that the user called john is limited to the specific show commands with access to only the show interfaces and show ip families of commands.

john@vyatta# run show <tab>
Possible completions:
  interfaces    Show network interface information
  ip            Show IPv4 routing informationjohn@vyatta$ show <tab>