
ACS - Per User Command Authorization

chrisayres
Level 1

Hi,

I am trying to limit the commands a user can use.

I would like to limit the user to a single "Show" command.

So I have done the following in the Per User Command Authorization section of the user's account:

deny unmatched commands

command = show

arguments = permit run interface

permit unlisted arguments (as I want the user to be able to look at any interface)

With this setting the user cannot use any command that does not start with "show".

They can also use the "show run interface" command followed by the interface name to look at the settings.

That works fine.

But the user can also use any other command that starts with the word "show"

but I don't want them to be able to do this.

How can I limit them to only show run int xxxx?

1 Reply

akresnadi
Level 1

Hi,

I think I had the same issue a long time ago and, if I remember correctly, the solution is to use:

aaa authorization config-commands
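
The rule set described in the question, modelled as an added example (not part of the original posts and not ACS's own code), to show how the unlisted-arguments fallback decides every "show" command that the listed argument rule does not match. The class names, the prefix-style argument matching and the sample commands are assumptions made for illustration.

```python
# Simplified model of the rule set in the question (added example, not ACS code).
# Assumption: an argument rule matches when the typed arguments start with the
# rule text; the real ACS matching syntax may differ.
from dataclasses import dataclass, field


@dataclass
class CommandRule:
    command: str
    arg_rules: list = field(default_factory=list)  # ("permit" | "deny", text)
    permit_unlisted_args: bool = False


@dataclass
class Policy:
    rules: list
    permit_unmatched_commands: bool = False  # "deny unmatched commands"

    def authorize(self, line: str) -> bool:
        words = line.split()
        if not words:
            return False
        cmd, args = words[0], " ".join(words[1:])
        for rule in self.rules:
            if rule.command != cmd:
                continue
            for action, text in rule.arg_rules:
                if args == text or args.startswith(text + " "):
                    return action == "permit"
            # No listed argument matched: the fallback setting decides.
            return rule.permit_unlisted_args
        return self.permit_unmatched_commands


def build(permit_unlisted_args: bool) -> Policy:
    show = CommandRule("show", [("permit", "run interface")], permit_unlisted_args)
    return Policy([show], permit_unmatched_commands=False)


AS_POSTED = build(permit_unlisted_args=True)   # settings from the question
TIGHTENED = build(permit_unlisted_args=False)  # same rules, fallback set to deny

# Constructed sample commands, not taken from a real device.
SAMPLES = ["show run interface Gi0/1", "show run", "show version", "configure terminal"]


def evaluate(policy: Policy) -> dict:
    return {line: policy.authorize(line) for line in SAMPLES}
```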