I've done this with perl scripts and the Juniper NETCONF libraries. I make the changes inside a configuration group which is inherited into the actual prefix-list(s), then lock down the account so it is only able to make changes to that configuration group.
groups { AUTO-PREFIX-LIST { policy-options { prefix-list AUTO-FOO { ... prefix-list AUTO-BAR { ... prefix-list AUTO-BAZ { ... system { login { class AUTO-PREFIX-LIST { permissions [ configure view view-configuration ]; allow-commands junoscript; allow-configuration "(groups AUTO-PREFIX-LIST policy-options .*)"; On Thu, Aug 12, 2021 at 02:41:10PM -0400, Alain Hebert via juniper-nsp wrote: > Context > > I'm looking for a *simple* & safe way to manage daily IRR changes > from my customers... > > Right now its a simple script that push changes using command lines > thru SSH... _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp