[j-nsp] allow-configuration/permission + insert

Erdem Sener erdems at gmail.com
Thu Aug 14 08:24:41 EDT 2008


Hey Otto,

 You need to add "firewall-control" to your class' permissions, and
you should be fine.

Cheers,
Erdem

On Thu, Aug 14, 2008 at 1:49 PM, Otto Kreiter <otto.kreiter at dante.org.uk> wrote:
> Hi,
>
> I'm trying to create a user with limited rights to access a single firewall
> filter in the firewall configuration. I have (partially) managed to find the
> most convenient way of doing it by committing the following configuration:
>
> class test {
>   permissions configure;
>   allow-configuration "firewall family inet filter access_in";
> }
> user test {
>   uid 2002;
>   class test;
>   authentication {
>       encrypted-password "xxx";
>   }
> }
>
> This nicely allows test user to configure the access_in filter and to
> *create* new terms. However here comes the problem. When a new term is
> created this is placed automatically at the end of the filter (fair enough -
> is there is any way to specify his place?). But then when the user tries to
> insert it in the right place:
>
> test at router# insert term Test-1 before ?
> No valid completions
>
> Yes there are many other terms, even created by the same user in the same
> session. I've tried countless allow-configurations and permission
> configuration options and variations but I'm missing something and can't get
> to the bottom of the problem.
>
> I would be grateful if somebody can point me in the right direction!
>
> Thank you and regards,
> Otto
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>


More information about the juniper-nsp mailing list