Re: Read-only user able to execute a specific command

Pompom-Paris · ‎06-20-2018

Hello,

I"m trying to find the best way to create a read-only user that would only have the privilege to execute either one of theese 2 commands :

- show config structured

- copy config config tftp <ip_dest> <filename>

I would prefer the first one (because I can save the ssh session and get the whole config, the second command line doesn't show the interfaces configuration)

I tried playing with aaa authentication/authorization, and with the operator role but didn't get good results

Thanks in advance for your help

Device/Firmware informations :

HP-2530-8G-PoEP# show version

Image stamp: /ws/swbuildm/rel_ukiah_qaoff/code/build/lakes(swbuildm_rel_ukiah_qaoff_rel_ukiah)
Jul 21 2017 13:28:25
YA.16.04.0008
485
Boot Image: Primary

Boot ROM Version: YA.15.19

TerjeAFK · ‎06-21-2018

If you want to limit a user to certain commands I think Tacacs would be your best bet. For local users I think your only access levels are manager (full access) and operator (read-only).

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: Read-only user able to execute a specific command

Read-only user able to execute a specific command

Re: Read-only user able to execute a specific command