[j-nsp] allow-configuration/permission + insert
Otto Kreiter
otto.kreiter at dante.org.uk
Thu Aug 14 07:49:22 EDT 2008
Hi,
I'm trying to create a user with limited rights to access a single
firewall filter in the firewall configuration. I have (partially)
managed to find the most convenient way of doing it by committing the
following configuration:
class test {
permissions configure;
allow-configuration "firewall family inet filter access_in";
}
user test {
uid 2002;
class test;
authentication {
encrypted-password "xxx";
}
}
This nicely allows test user to configure the access_in filter and to
*create* new terms. However here comes the problem. When a new term is
created this is placed automatically at the end of the filter (fair
enough - is there is any way to specify his place?). But then when the
user tries to insert it in the right place:
test at router# insert term Test-1 before ?
No valid completions
Yes there are many other terms, even created by the same user in the
same session. I've tried countless allow-configurations and permission
configuration options and variations but I'm missing something and can't
get to the bottom of the problem.
I would be grateful if somebody can point me in the right direction!
Thank you and regards,
Otto
More information about the juniper-nsp
mailing list