Hi,
I have a yang model defined like:
augment /config/system {
list admin {
description "Create administrator";
tailf:cli-suppress-mode;
tailf:cli-suppress-list-no;
min-elements 1;
key "adminname";
leaf adminname {
type AAA_USER_NAME;
}
leaf password {
type AAA_USER_PASSWD;
}
}
I want to define a rule in aaa_init.xml where any admin can create any other admin , say adminname=admin1 creating adminname=admin2 entry but is allowed to change/update only his password.
I was trying like:
\<rule>
<name>Allow admin password access</name>
<module-name>exa-base</module-name>
<path>/config/system/admin[adminname='$USER']/password</path>
<access-operations>read update</access-operations>
<action>permit</action>
</rule>
<rule>
<name>Allow admin access</name>
<module-name>exa-base</module-name>
<path>/config/system/admin/adminname</path>
<access-operations>*</access-operations>
<action>permit</action>
</rule>
But this is not working.