[tac_plus] Granular restrictions of the "show" commands
David Crane
daveycraney at gmail.com
Mon Mar 5 16:37:45 UTC 2012
Hi,
I'm trying to restrict the running of show commands on a more granular
level. I just can't figure out how to do it.
What I want is a user to be able to perform
show run interface fa0/1 (For example)
but not perform a
show run
or
show run interface vlan
relevant tac config is
cmd = "show" {
permit "/^running-config interface/"
}
This appears to be just allowing all show commands. I've tried different
expressions after googling several different configs, but everything I try
appear to just deny all show commands, or allows them all.
I believe this is possible to do. I just need to know what I'm missing and
how this should be formatted.
Much appreciated.
Dave.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20120305/444609ac/attachment.html>
More information about the tac_plus
mailing list