Variable modification block
modify
The modify action sets or updates variables and attributes within AAA
policy handlers. Use it to assign values to user attributes, system
variables, or other configuration parameters based on authentication,
authorization, or accounting logic.
Syntax
modify supports two syntax forms: a block form for multiple assignments and
a short form for a single assignment.
Block form
Use the block form when you need to set multiple variables at once:
modify {
aaa.identity = "alice";
var.my_var ?= aaa.identity;
}
Short form
Use the short form when you only need a single assignment:
modify vars.foo = "bar";
This is equivalent to:
modify {
vars.foo = "bar";
}
The short form supports all assignment operators (=, ?=, +=).
Assignment operators
| Operator | Description |
|---|---|
= | Assigns the value to the variable unconditionally. |
?= | Assigns the value only if the target variable is currently none. |
+= | Appends a new value to the variable. |
:= | Deprecated alias for = operator. |
Example
Block form with multiple assignments
aaa {
policy "MANAGEMENT" {
handler "AUTHENTICATION" {
authentication {
modify {
user.privilege = "write";
user.group = "admin";
}
http-management-authentication;
}
}
}
}
Short form
aaa {
policy "MANAGEMENT" {
handler "AUTHENTICATION" {
@execute {
modify user.privilege = "write";
http-management-authentication;
}
}
}
}