ConfD User Community

Use cmdrule to restrict access to a pipecmd

Is it possible to restrict access to a pipecmd (save, specifically) through a NACM rule? I can see cmdrule and rule are options within a rule-list to restrict to a group/role, but can’t find anything for a pipecmd.

Say you want to deny the oper group of users access to the “display” CLI pipecmd. E.g. # show running-config | display xml

    <rule-list>
      <name>pipecmds</name>
      <group>oper</group>
      <cmdrule xmlns="http://tail-f.com/yang/acm">
        <name>display</name>
        <context>cli</context>
        <command>display</command>
        <access-operations>read</access-operations>
        <action>deny</action>
      </cmdrule>
    </rule-list>