Is it possible to restrict access to a pipecmd (save, specifically) through a NACM rule? I can see cmdrule and rule are options within a rule-list to restrict to a group/role, but can’t find anything for a pipecmd.
Say you want to deny the oper group of users access to the “display” CLI pipecmd. E.g. # show running-config | display xml
<rule-list>
<name>pipecmds</name>
<group>oper</group>
<cmdrule xmlns="http://tail-f.com/yang/acm">
<name>display</name>
<context>cli</context>
<command>display</command>
<access-operations>read</access-operations>
<action>deny</action>
</cmdrule>
</rule-list>