01-28-2008 07:57 AM - edited 03-09-2019 07:58 PM
Dear All,
I have configured a view named monitor, in order to be able to issue show commands only.
I logged to the root view, then put the follwing conf.:
Router(config)# parser view monitor
Router(config-view)# secret cisco
Router(config-view)# command exec include all show
but I want to assign this view to a certain user, I tried to do this by this command:
username test view monitor password test
But when I login using this account (test) I be able to view everything and configure everything.
Please help me to do this job (creating a user that be able to issue certain commands and not all).
Thanks..
01-29-2008 04:12 AM
Hi Mohammad,
Can you not use privilege exec level to achieve this?
Here is an example:
http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800949d5.shtml
Hope it helps,
Paulo
01-29-2008 06:37 AM
Thanks Paulo,
I tried but no effect, all privileges can do everything.
01-31-2008 02:31 AM
Hi Mohammad,
Can you tell me which commands you have inserted on the router?
Here is an example for allowing ping:
aaa authorization exec AAA group RADIUSSERVERS local none
...
privilege exec all level 7 ping
...
line vty 0 4
authorization exec AAA
login authentication AAA
Hope it helps,
Paulo
08-14-2008 02:17 PM
I have a similar issue:
I have created a view X with only a particular 'show' command.
I have also created a user Y view X in the local user database.
I can log in with user Y and am taken directly to view X.
The issue is that there are still other commands available like 'enable'.
I tried to remove using the command exec exclude enable and no command exec include to enable no avail.
Can anybody help?
08-14-2008 03:48 PM
Hello Mohammad and Antony,
Creating views and restricting users to be bound to that specific view only is "Authorization". You should have "authorization exec local" command issued in desired lines (vty or con lines)
Regards
08-14-2008 03:54 PM
Thanks for response....
Can you explain a bit more in detail how what you suggest is done and what it will accomplish?
Why can't I just remove the 'enable' command from the view?
Thanks
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: