I have a restricitive rule set applied for a user group which should only allow them to read the configuration and have bare minimum capabilities. But with below configuration of allowed commands, these users are not able to run any output modifier (output processing) commands or pipecommands.
For example, If I run below command and after pipe, put a question mark “?”, I do not see any possible completion like include, match, count, exclude, save etc. Is there a specific command I need to permit so that these users can have these restricted permission and still use output modifiers (output processing)
Confd version: 8.0.14
Output of pipe followed by a question mark:
# show running-config |
Possible completions:
| <cr>
Rules applied for given user group:
<rule-list>
<name>readonly-rules</name>
<group>readonly</group>
<rule>
<name>nacm-deny</name>
<path>/nacm</path>
<access-operations>create update delete read</access-operations>
<action>deny</action>
</rule>
<rule>
<name>any-config-access</name>
<module-name>*</module-name>
<access-operations>read</access-operations>
<action>permit</action>
</rule>
<cmdrule xmlns="http://tail-f.com/yang/acm">
<name>config-permit</name>
<command>config</command>
<action>permit</action>
</cmdrule>
<cmdrule xmlns="http://tail-f.com/yang/acm">
<name>describe-permit</name>
<command>describe</command>
<action>permit</action>
</cmdrule>
<cmdrule xmlns="http://tail-f.com/yang/acm">
<name>display-level-permit</name>
<command>display-level</command>
<action>permit</action>
</cmdrule>
<cmdrule xmlns="http://tail-f.com/yang/acm">
<name>help-permit</name>
<command>help</command>
<action>permit</action>
</cmdrule>
<cmdrule xmlns="http://tail-f.com/yang/acm">
<name>id-permit</name>
<command>id</command>
<action>permit</action>
</cmdrule>
<cmdrule xmlns="http://tail-f.com/yang/acm">
<name>idle-timeout-permit</name>
<command>idle-timeout</command>
<action>permit</action>
</cmdrule>
<cmdrule xmlns="http://tail-f.com/yang/acm">
<name>ignore-leading-space-permit</name>
<command>ignore-leading-space</command>
<action>permit</action>
</cmdrule>
<cmdrule xmlns="http://tail-f.com/yang/acm">
<name>help-permit</name>
<command>help</command>
<action>permit</action>
</cmdrule>
<cmdrule xmlns="http://tail-f.com/yang/acm">
<name>leaf-prompting-permit</name>
<command>leaf-prompting</command>
<action>permit</action>
</cmdrule>
<cmdrule xmlns="http://tail-f.com/yang/acm">
<name>paginate-permit</name>
<command>paginate</command>
<action>permit</action>
</cmdrule>
<cmdrule xmlns="http://tail-f.com/yang/acm">
<name>output-file-permit</name>
<command>output-file</command>
<action>permit</action>
</cmdrule>
<cmdrule xmlns="http://tail-f.com/yang/acm">
<name>prompt1-permit</name>
<command>prompt1</command>
<action>permit</action>
</cmdrule>
<cmdrule xmlns="http://tail-f.com/yang/acm">
<name>prompt2-permit</name>
<command>prompt2</command>
<action>permit</action>
</cmdrule>
<cmdrule xmlns="http://tail-f.com/yang/acm">
<name>pwd-permit</name>
<command>pwd</command>
<action>permit</action>
</cmdrule>
<cmdrule xmlns="http://tail-f.com/yang/acm">
<name>screen-length-permit</name>
<command>screen-length</command>
<action>permit</action>
</cmdrule>
<cmdrule xmlns="http://tail-f.com/yang/acm">
<name>screen-width-permit</name>
<command>screen-width</command>
<action>permit</action>
</cmdrule>
<cmdrule xmlns="http://tail-f.com/yang/acm">
<name>script-permit</name>
<command>script</command>
<action>permit</action>
</cmdrule>
<cmdrule xmlns="http://tail-f.com/yang/acm">
<name>send-permit</name>
<command>send</command>
<action>permit</action>
</cmdrule>
<cmdrule xmlns="http://tail-f.com/yang/acm">
<name>show-permit</name>
<command>show</command>
<action>permit</action>
</cmdrule>
<cmdrule xmlns="http://tail-f.com/yang/acm">
<name>show-defaults-permit</name>
<command>show-defaults</command>
<action>permit</action>
</cmdrule>
<cmdrule xmlns="http://tail-f.com/yang/acm">
<name>terminal-permit</name>
<command>terminal</command>
<action>permit</action>
</cmdrule>
<cmdrule xmlns="http://tail-f.com/yang/acm">
<name>timestamp-permit</name>
<command>timestamp</command>
<action>permit</action>
</cmdrule>
<cmdrule xmlns="http://tail-f.com/yang/acm">
<name>any-commands-deny</name>
<command>*</command>
<action>deny</action>
</cmdrule>
</rule-list>