Role based CLI

Unanswered Question
Jan 28th, 2008

Dear All,

I have configured a view named monitor, in order to be able to issue show commands only.

I logged in to the root view, then entered the following configuration:

Router(config)# parser view monitor

Router(config-view)# secret cisco

Router(config-view)# command exec include all show

But I want to assign this view to a certain user. I tried to do this with this command:

username test view monitor password test

But when I log in using this account (test), I am able to view everything and configure everything.

Please help me to do this job (creating a user that is able to issue certain commands and not all).

Thanks..

pjhenriqs Thu, 01/31/2008 - 02:31

Hi Mohammad,

Can you tell me which commands you have inserted on the router?

Here is an example for allowing ping:

aaa authorization exec AAA group RADIUSSERVERS local none

...

privilege exec all level 7 ping

...

line vty 0 4

authorization exec AAA

login authentication AAA

Hope it helps,

Paulo

aciscolook Thu, 08/14/2008 - 14:17

I have a similar issue:

I have created a view X with only a particular 'show' command.

I have also created a user Y view X in the local user database.

I can log in with user Y and am taken directly to view X.

The issue is that there are still other commands available like 'enable'.

I tried to remove it using 'command exec exclude enable' and 'no command exec include enable', to no avail.

Can anybody help?

husycisco Thu, 08/14/2008 - 15:48

Hello Mohammad and Antony,

Creating views and restricting users to be bound to that specific view only is "Authorization". You should have the "authorization exec local" command issued on the desired lines (vty or con lines).

Regards
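The reply above ties a user's view binding to exec authorization on the line; as an added example (not code from any poster in this thread), this Python audit checks a running-config for the pieces that binding depends on and reports what is missing. The sample config is constructed, the full `aaa authorization exec default local` syntax is an assumed form of the command named in the reply, and only vty lines are checked.

```python
import re

# Constructed running-config excerpt (not from the thread): a user is bound to
# a view, but no exec authorization list exists to apply that binding at login.
WEAK = """\
aaa new-model
aaa authentication login default local
username test view monitor password test
parser view monitor
 secret cisco
 commands exec include all show
line vty 0 4
 login authentication default
"""
# Same config with local exec authorization added (assumed remediation).
FIXED = WEAK.replace("line vty", "aaa authorization exec default local\nline vty")

def audit_view_binding(config):
    """Return findings that would stop a 'username ... view' binding applying."""
    findings = []
    users = re.findall(r"^username (\S+) (?:.*? )?view (\S+)", config, re.M)
    if not users:
        return findings
    if not re.search(r"^aaa new-model\s*$", config, re.M):
        findings.append("aaa new-model is not enabled")
    views = set(re.findall(r"^parser view (\S+)", config, re.M))
    for user, view in users:
        if view not in views:
            findings.append(f"user {user}: view {view} is not defined")
    # Exec authorization method lists, e.g. {'default': 'local'}
    lists = dict(re.findall(r"^aaa authorization exec (\S+) (.+)$", config, re.M))
    for m in re.finditer(r"^line vty ([^\n]*)\n((?:[ \t]+[^\n]*\n?)*)", config, re.M):
        name = re.search(r"^\s+authorization exec (\S+)", m.group(2), re.M)
        name = name.group(1) if name else "default"  # lines fall back to 'default'
        methods = lists.get(name)
        if methods is None:
            findings.append(f"line vty {m.group(1)}: exec list '{name}' is not defined")
        elif "local" not in methods.split():
            findings.append(f"line vty {m.group(1)}: exec list '{name}' has no local method")
    return findings

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("fixed", FIXED)):
        print(label, audit_view_binding(cfg) or "view binding can be applied")
```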

aciscolook Thu, 08/14/2008 - 15:54

Thanks for the response...

Can you explain a bit more in detail how what you suggest is done and what it will accomplish?

Why can't I just remove the 'enable' command from the view?

Thanks
