Thanks Cohult. We tried with cmdrule and it is working for fixed commands. Is it possible to have regex for cmdrule? If there is any free string that comes within the command, it will be difficult to control that command. For example, “delete interface eth0 port 30”. Here, I want to control it that if there is any ethernet but the port is 30. If there are multiple ethernet names, then we need to provide multiple ethernets.
Helllo Cohult, One more query , it about the rule given below, We want a regex to allow all the names come under compliance and want restrict specific name under the service. This service is child under compliance. Is it possible to use some regex at parent level ?
Regex is only supported for command rules, not data rules.
Data rules follow the standard: RFC 8341: Network Configuration Access Control Model. See node-instance-identifier.
So as described by the node-instance-identifier text in the RFC, you can try something like: /profile/compliance/service[name=‘n2’]