Hi
To deny configuration mode hierarchy commands, you need to use deny-configuration, e.g.
deny-configuration "security|(system login)"
"Security" and "system login" are not op mode commands so having them in deny-commands
has no effect. As for "request system", try the same without ^ symbol. For example
such a string works for me (denies reuest system commands)
deny-commands "(security)|(system login)|(request system)"
I don't know why it does not work with ^. These allow / deny regular expressions
have always seemed not so obvious to me.