[j-nsp] allow-configuration/permission + insert
Erdem Sener
erdems at gmail.com
Thu Aug 14 08:24:41 EDT 2008
Hey Otto,
You need to add "firewall-control" to your class' permissions, and
you should be fine.
Cheers,
Erdem
On Thu, Aug 14, 2008 at 1:49 PM, Otto Kreiter <otto.kreiter at dante.org.uk> wrote:
> Hi,
>
> I'm trying to create a user with limited rights to access a single firewall
> filter in the firewall configuration. I have (partially) managed to find the
> most convenient way of doing it by committing the following configuration:
>
> class test {
> permissions configure;
> allow-configuration "firewall family inet filter access_in";
> }
> user test {
> uid 2002;
> class test;
> authentication {
> encrypted-password "xxx";
> }
> }
>
> This nicely allows test user to configure the access_in filter and to
> *create* new terms. However here comes the problem. When a new term is
> created this is placed automatically at the end of the filter (fair enough -
> is there is any way to specify his place?). But then when the user tries to
> insert it in the right place:
>
> test at router# insert term Test-1 before ?
> No valid completions
>
> Yes there are many other terms, even created by the same user in the same
> session. I've tried countless allow-configurations and permission
> configuration options and variations but I'm missing something and can't get
> to the bottom of the problem.
>
> I would be grateful if somebody can point me in the right direction!
>
> Thank you and regards,
> Otto
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
More information about the juniper-nsp
mailing list