[j-nsp] allow-configuration/permission + insert

Otto Kreiter otto.kreiter at dante.org.uk
Thu Aug 14 07:49:22 EDT 2008


Hi,

I'm trying to create a user with limited rights to access a single 
firewall filter in the firewall configuration. I have (partially) 
managed to find the most convenient way of doing it by committing the 
following configuration:

class test {
    permissions configure;
    allow-configuration "firewall family inet filter access_in";
}
user test {
    uid 2002;
    class test;
    authentication {
        encrypted-password "xxx";
    }
}

This nicely allows the test user to configure the access_in filter and to 
*create* new terms. However, here comes the problem. When a new term is 
created this is placed automatically at the end of the filter (fair 
enough - is there any way to specify its place?). But then when the 
user tries to insert it in the right place:

test@router# insert term Test-1 before ?
No valid completions

Yes, there are many other terms, even created by the same user in the 
same session. I've tried countless allow-configurations and permission 
configuration options and variations but I'm missing something and can't 
get to the bottom of the problem.

I would be grateful if somebody can point me in the right direction!

Thank you and regards,
Otto

