Rule set in operation
After logging in as a user, the operational mode command options are filtered to allow only what the user can access based on the permissions for the user.
The following example displays the filtered output for a user called john in the protoadmin group. This example shows a subset of operational mode paths to which this user has been given access.
john@vyatta$ <tab> Possible completions: configure Enter configure mode show Show system information john@vyatta$
The following example shows that the user called john is limited to the specific show commands with access to only the show interfaces and show ip families of commands.
john@vyatta# run show <tab> Possible completions: interfaces Show network interface information ip Show IPv4 routing informationjohn@vyatta$ show <tab>