Configuration command authorization in model-driven interfaces

Configuration command authorization sends multiple requests that may be the same depending on the configuration changes. In model-driven interfaces, command authorization is required for the following changes to the candidate configuration:

Note:

If the command authorization fails, the resulting configuration changes are not authorized.

Multiple authorization requests are also sent in the following cases:

Setting the system name is an operation that changes one configuration element, as shown in the following example.

[ex:/configure]
A:admin@node-2# system name foo

# Command authorization
cmd=configure 		
cmd-arg=system
cmd-arg=name
# Resulting change authorization
cmd=configure		  
cmd-arg=system
cmd-arg=name

The following log example shows that the memory context and the console command are mutually exclusive, and configuring a new value deletes the existing value. The system must also authorize the deletion.

Note:

Command accounting only logs the command that is entered.

Example: Existing configuration

[ex:/configure log log-id "42" destination]
A:admin@node-2# info
    memory {
    }

Example: Configuration commands

[ex:/configure log log-id "42" destination]
A:admin@node-2# console

Example: Resulting configuration

*[ex:/configure log log-id "42" destination]
A:admin@node-2# info
    console

Example: Command authorization requests

# Command authorization
cmd=configure			
cmd-arg=log
cmd-arg=log-id
cmd-arg=42
cmd-arg=destination
cmd-arg=console
# Resulting change authorization for console
cmd=configure			
cmd-arg=log
cmd-arg=log-id
cmd-arg=42
cmd-arg=destination
cmd-arg=console
# Resulting change authorization for memory
cmd=configure			
cmd-arg=log
cmd-arg=log-id
cmd-arg=42
cmd-arg=destination
cmd-arg=memory