Hello all,
I 'm testing allow-configuration-regexp command on junos 12.1, and it doesn't work at all 🙂
Here is the sample from juniper documentation:
[edit system login class class-name]
user@host# set permissions configure view view-configuration
user@host# set allow-configuration-regexps "system services"
Ok, I do the same for my test class
show configuration system login class testclass
permissions [ configure view ];
allow-configuration-regexps "system services";
view - just to check cli authorization.
> show cli authorization
Current user: 'testuser ' class 'testclass'
Permissions:
configure -- Can enter configuration mode
view -- Can view current values and statistics
Individual command authorization:
Allow regular expression: none
Deny regular expression: none
Allow configuration regular expression: "system services"
Deny configuration regular expression: none
-------
So show cli authorizations looks ok, but it's not possible to change anything in system services
testuser@SITE-1> configure
Entering configuration mode
[edit]
testuser@SITE-1# edit ?
No valid completions
[edit]
testuser@SITE-1# edit system
^
syntax error, expecting <statement> or <identifier>.
testuser@SITE-1# edit system
Actually I've tested many different combinations of allow-configuration-regexp and deny-configuration-regexp and still don't understand how they work 🙂
Any help?
#privileges