08-27-2017 11:19 PM - edited 03-01-2019 03:58 AM
Hi team,
I'm currently trying to prevent users from executing this command via all methods from NSO (cli, REST, etc)
"devices device <deviceName> config default interface Loopback 0"
I'm looking at NACM rule-list to apply this restriction; so far I have tried the paths below, to no avail:
path: /devices/device/config/ios:EXEC/default[input/args="interface Loopback 0"]
access-operations: read,update,delete,exec
action: deny
path: /devices/device/config/ios:EXEC/default[args="interface Loopback 0"]
access-operations: read,update,delete,exec
action: deny
path: /devices/device/config/ios:EXEC/default[input="interface Loopback 0"]
access-operations: read,update,delete,exec
action: deny
If I change the path to /devices/device/config/ios:EXEC/default, I manage to restrict the "default" command itself - which is great, but I'm wondering if there's a way I can drill down to more specific arguments?
This is a snippet of the YANG model of the IOS NED; I'm not sure if I constructed my path correctly:
// default
tailf:action "default" {
  tailf:info "Set a command to its defaults";
  tailf:actionpoint ncsinternal {
    tailf:internal;
  }
  input {
    leaf-list args {
      tailf:cli-drop-node-name;
      tailf:cli-flat-list-syntax;
      type string {
        tailf:info "ACTION:;;default <argument(s)>";
      }
    }
  }
  output {
    leaf result {
      type string;
    }
  }
}
Thank you!
08-29-2017 02:35 AM
The NACM standard YANG module doesn't allow your use case. The leaf "path" is supposed to be an instance-identifier, and the value you provide isn't, since it refers to non-key leafs.
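The check described in the reply above can be run over rule paths before they are loaded. This is an added example, not part of the original thread or of NSO: `check_nacm_path`, `audit` and `LIST_KEYS` are hypothetical names, the device list is assumed to be keyed by `name`, and only key predicates on list nodes are handled.

```python
import re

# Assumption: the NSO device list /devices/device is keyed by "name".
# The "default" action is not a list, so it has no keys to select on.
LIST_KEYS = {"device": ("name",)}

STEP = re.compile(r"/((?:[\w.-]+:)?[\w.-]+)((?:\[[^\]]*\])*)")
PREDICATE = re.compile(r"\[\s*([^\]=]+?)\s*=\s*(\"[^\"]*\"|'[^']*')\s*\]")

def check_nacm_path(path):
    """Return the reasons `path` is not a key-only instance-identifier."""
    problems, pos = [], 0
    while pos < len(path):
        step = STEP.match(path, pos)
        if not step:
            problems.append(f"cannot parse path at offset {pos}")
            break
        node = step.group(1).split(":")[-1]   # drop the module prefix
        for pred in re.findall(r"\[[^\]]*\]", step.group(2)):
            m = PREDICATE.fullmatch(pred)
            if not m:
                problems.append(f"{node}: malformed predicate {pred}")
            elif m.group(1) not in LIST_KEYS.get(node, ()):
                problems.append(f"{node}: predicate on non-key '{m.group(1)}'")
        pos = step.end()
    return problems

# Paths from the question, plus one constructed path with a key predicate
# ("ce0" is a made-up device name).
PATHS = [
    '/devices/device/config/ios:EXEC/default[input/args="interface Loopback 0"]',
    '/devices/device/config/ios:EXEC/default[args="interface Loopback 0"]',
    '/devices/device/config/ios:EXEC/default[input="interface Loopback 0"]',
    '/devices/device/config/ios:EXEC/default',
    '/devices/device[name="ce0"]/config/ios:EXEC/default',
]

def audit(paths):
    """Map each path to its list of problems (empty list = acceptable)."""
    return {p: check_nacm_path(p) for p in paths}

if __name__ == "__main__":
    for path, problems in audit(PATHS).items():
        print("OK  " if not problems else "BAD ", path, problems)
```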