Hi everyone!
I'm having some trouble with regular expressions and permissions on our Juniper MX routers through ACS 5.4, and I would like some insight/help/pointers!
We have a team of engineers that should only have read-only permissions (important: show configuration) and also be able to change just the description on interfaces.
Thus far, with the following regular expressions set for the shell profile they are going through, I have managed the above. However, the problem is that when an engineer inputs "Show configuration", only the interface description configuration is shown! The rest of the configuration will not be printed.
deny-commands1=.*.
allow-commands1=configure
deny-configuration1=.*.
allow-commands2=interfaces .*. description .*$
allow-configuration1=interfaces .*. description .*$
allow-commands2=show configuration.*
allow-commands3=show configuration
(I know that some of these regexes are not needed; I was just playing around to check everything before posting.)
Any pointers as to why this happens or how to resolve it?
Example output with the above:
show configuration
## Last commit: 2014-01-09 09:34:44 EET by someone
interfaces {
    xe-0/0/0 {
    }
    xe-0/0/1 {
        description xxxx;
    }
    xe-0/1/0 {
        description xxxx;
    }
    xe-0/1/1 {
        description xxxx;
    }
    xe-0/2/0 {
        disable;
    }
    xe-0/2/1 {
        description xxxx;
    }
    xe-0/3/0 {
        description xxxx;
    }
    xe-0/3/1 {
        description xxxx;
    }
    ae0 {
        description "xxxx";
    }
    ae1 {
        description xxxx;
    }
    demux0 {
    }
    lo0 {
    }
}
{master}
Thanks in advance!
Spyros