Say you want to deny the oper group of users access to the “display” CLI pipecmd. E.g. # show running-config | display xml
<rule-list>
<name>pipecmds</name>
<group>oper</group>
<cmdrule xmlns="http://tail-f.com/yang/acm">
<name>display</name>
<context>cli</context>
<command>display</command>
<access-operations>read</access-operations>
<action>deny</action>
</cmdrule>
</rule-list>