Aaa_init.xml rules

I have a yang model defined like:

augment /config/system {
                list admin {
                        description "Create administrator";
                        min-elements 1;
                        key "adminname";
                        leaf adminname {
                                type AAA_USER_NAME;
                        leaf password {
                                type AAA_USER_PASSWD;

I want to define a rule in aaa_init.xml where any admin can create any other admin , say adminname=admin1 creating adminname=admin2 entry but is allowed to change/update only his password.

I was trying like:

    <name>Allow admin password access</name>
    <access-operations>read update</access-operations>
    <name>Allow admin access</name>

But this is not working.

When you say your rules are not “working”, can you describe what it is that’s not working for you?

I want the behaviour like:
on startup (using some startup-config.xml) create a factory defined admin record, say admin1 (it is working for me)
now login with admin1 (ssh login) and create admin2 using the above model. Now here I don’t want admin1 to provide admin2 password, that can be taken care internally. But he should only be able to change his own , admin1 entry password. Now admin2 login to the system and can create admin3 without seeing the password option but could update his own password using the same model.

Have you defined any …deny to deny see, change, etc. other users password?
See NACM chapter in the UG and for example examples.confd//webui/basic/confd-cdb/aaa_init.xml as a reference