Disable config mode for non privilaged user!

Hi All!

We want to disable config mode and throw warning or error for other users except admin. Please let us know how can we do modification in nacm for the same…

rgds
Balaji

You can modify the default aaa_init.xml with the following changes:

Add a cmdrule for the <rule-list> named admin as follows:

  <cmdrule xmlns="http://tail-f.com/yang/acm">
    <name>command-access</name>
    <command>*</command>
    <action>permit</action>
  </cmdrule>

Add a cmdrule for the <rule-list> named any-group as follows:

  <cmdrule xmlns="http://tail-f.com/yang/acm">
    <name>config-access</name>
    <command>config</command>
    <action>deny</action>
  </cmdrule>
1 Like

Thanks a lot it works. But some additional query please let me know if this is possible.

  1. Can we have a separate banner for different groups ?.
  2. If we want to allow some schema’s to be allowed and rest allowed, when a user tries not allowed schema’s can we throw an error not allowed on this privilage ?.

This is currently not supported.

The data rules that you define will prohibit CLI users from having access to configure data nodes that they don’t have write permission.

Thanks for the response