ACE and Role Base Access List

Unanswered Question
Jan 19th, 2010
User Badges:

/* Style Definitions */ table.MsoNormalTable {mso-style-name:Standardowy; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin-top:0cm; mso-para-margin-right:0cm; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0cm; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin;}

Hi,

I would like to ask about possibility to deny access to command show running-config and show startup-config on ace module. I know how to assign user to role and domain, but the problem is that such users are able to run show running-config or show start-up config

if I did

Role limit-access

“rule 1 deny monitor”

“rule 2 permit monitor feature rserver “

The users are able to see all configs.

Thanks.

Rico Nego

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Ganesh Hariharan Tue, 01/19/2010 - 22:54
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Member's Choice, February 2016

Hi Rico,


Check out the link below on ACE role based authorization hope that clears out your query !!


http://www.ciscosystems.ro/en/US/docs/interfaces_modules/services_modules/ace/vA2_3_0/configuration/getting/started/guide/getstartgd.pdf


If helpful do rate the valuable post !!


Regards

Ganesh.H

Actions

This Discussion