Cisco Support Community
Community Member

aaa authorization and show logging command

Hello Guys,

I am running IOS 15 on some routers and using ACS version 5.3.0.40.5 for authentication and authorization.

I would like to have a group of users not be able to access the configuration mode but issue all show commands.

However, the show logging command does not seem to work in user mode.

Any ideas or workarounds are welcome.

Thanks in advance.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

aaa authorization and show logging command

Does your command set look like the one at the link below for read-only access?

http://www.security-solutions.co.za/Cisco-ACS-5.2-Role-Based-Authentication-Authorization-For-Different-Privilege-Levels-Configuration-Example.html#_Toc299569579

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin Katyal
6 REPLIES

aaa authorization and show logging command

Hello,

Here is a very good config example for you:

http://goo.gl/8LkTlw

Try the example and let us know if you have any more concerns.

Regards,

Amjad

Rating useful replies is more useful than saying "Thank you"


Community Member

aaa authorization and show logging command

Hello all,

Thanks for your response but it is unfortunately not the solution.

I read a few documents where Cisco would have changed the behaviour of the show logging command.

This means that to do a show logging command, you have to be a level 15 user.

What I require is for a user not to have access to the conf t command but be able to do a show logging.

This is not working after several unsuccessful tries.

aaa authorization and show logging command

Hello,

There is no contradiction. You can have level 15 access and deny or permit access to whatever commands you want.

I am using ACS where everyone has level 15 access but some of them can only use show commands (no conf t).

You can configure things the same way by allowing everyone level 15 access and allowing or denying whatever commands you want.

Let me know if you need extra help.

Regards,

Amjad

Rating useful replies is more useful than saying "Thank you"

Community Member

aaa authorization and show logging command

Thanks for the tip!

I had more of a configuration problem.

I placed show logging and all other show commands. Placing only "show" helped.
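
Added example, not part of the thread or of any poster's configuration: a device-side IOS sketch of the approach described in the replies, where users log in at level 15 and the TACACS+ server (ACS) permits or denies each command. The server address and key are placeholders, and it assumes the ACS shell profile assigns privilege level 15.

```cisco
! Constructed example: address and key below are placeholders, not values from the thread.
aaa new-model
!
tacacs-server host 192.0.2.10
tacacs-server key <shared-secret-placeholder>
!
! Authenticate logins against ACS; use the local user database only if ACS does not respond.
aaa authentication login default group tacacs+ local
!
! Let ACS set the session's privilege level (assumed: shell profile returns level 15).
aaa authorization exec default group tacacs+ local
!
! IOS authorizes each command using the method list for that command's own privilege level,
! so both level-1 and level-15 commands are sent to ACS for a permit/deny decision.
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
!
! Also send commands typed inside configuration mode to ACS.
aaa authorization config-commands
!
! Record who ran what, which matters once everyone is level 15.
aaa accounting commands 15 default start-stop group tacacs+
```

With this in place, the restriction lives in the ACS command set: the read-only group gets a set that permits `show` (the single entry the original poster reports as working) and denies everything else, including `configure terminal`. The `local` fallback applies only when ACS is unreachable, so the local accounts deserve the same least-privilege review.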
