Can you please provide an example of what you are saying should work (in text format even)?
This is what I was trying in XML (from perl) and it doesn't work with the permissions restricted to "policy-options prefix-list AUTO-.*", but it does work with the permissions widened to "policy-options .*": $jnx->load_configuration( format => "xml", action => "replace", configuration => $replace); Where the contents of the $replace variable is: <configuration> <policy-options> <prefix-list replace="replace"> <name>AUTO-FOO</name> <prefix-list-item> <name>1.1.1.1/32</name> </prefix-list-item> </prefix-list> </policy-options> </configuration> I believe I also tried applying the "replace" attribute on the <name> tag like this: <name replace="replace">AUTO-FOO</name>, but that isn't accepted as valid syntax. I ended up using a configuration group at Phil's suggestion. That way I can restrict the permissions to "groups AUTO-PREFIX-LIST policy-options .*" to allow the replace operation to work but prevent the script from mucking with objects it isn't supposed to touch. Thanks. On Thu, Feb 25, 2016 at 12:05:36PM -0500, Chris Spears wrote: > Can you add a replace attribute in the container for the prefix-lists > matching /AUTO-*/, and see if the permissions work? The equivalent > replace: tag in the text format works with a restricted login class when > using netconf. > > http://www.juniper.net/documentation/en_US/junos14.2/topics/reference/tag-summary/junos-xml-protocol-replace-attribute.html > > > > > On Mon, Feb 22, 2016 at 9:46 PM, Chuck Anderson <c...@wpi.edu> wrote: > > > On Mon, Feb 22, 2016 at 09:08:04PM -0500, Jared Mauch wrote: > > > > 1. "load replace" config with the new prefix list contents > > > > 2. commit > > > > > > > > > Try ‘load update’ first. > > > > > > That should be much faster than load replace. > > > > Yes, I see it is fast, but I can't figure out the right XML to do the > > equivalent of "load update relative" in the CLI. If I leave off the > > "relative", then the entire configuration is replaced (deleted), not > > just the prefix-list. > > > > "show | compare | display xml" exists in 15.1, but not in 14.2 :-( _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp