I am trying to limit the commands a user can use.
I would like to limit the user to a single "show" command.
So I have done the following in the Per User Command Authorization section of the user's account:
deny unmatched commands
command = show
arguments = permit run interface
permit unlisted arguments (as I want the user to be able to look at any interface)
With this setting the user cannot use any command that does not start with "show".
They can also use the "show run interface" command followed by the interface name to look at the settings.
That works fine.
But the user can also use any other command that starts with the word "show",
but I don't want them to be able to do this.
How can I limit them to only show run int xxxx?