Hi Experts,
We have a command “action-1” under operation mode, it will automatically have a “do action-1” command under config mode. We don’t want to expose “do action-1”.
Can NACM rule forbit the command “do action-1” under config mode but allow “action-1” under operation mode and how?
BR,
Harry Huang
Did you try to use tailf:hidden full for second action point? The ConfD user guide specifies tailf:hidden can be used for action. See tailf_yang_extensions in the ConfD User guide.
Hi,
I believe you want to do something like this:
<cmdrule xmlns="http://tail-f.com/yang/acm">
<name>do-action1</name>
<context>cli</context>
<command>do action1</command>
<access-operations>exec</access-operations>
<action>deny</action>
</cmdrule>
<rule>
<name>action1</name>
<rpc-name>action1</rpc-name>
<access-operations>exec</access-operations>
<action>permit</action>
</rule>