https://community.cisco.com/t5/network-security/how-to-restrict-normal-users-from-viewing-logging-buffer/m-p/4605530#M1089852 <P>Hi All,</P><P>&nbsp;</P><P>I would like to give normal users all the configurations and show command privileges except show logging command. i.e. I want to restrict normal users from viewing logging buffer.</P><P>&nbsp;</P><P>It would be really greatfull if some one can help me on this.</P><P>&nbsp;</P><P>Thank you and Regards,</P><P>Dhanushka</P> Fri, 06 May 2022 06:08:34 GMT dhanushkas 2022-05-06T06:08:34Z https://community.cisco.com/t5/network-security/how-to-restrict-normal-users-from-viewing-logging-buffer/m-p/4605522#M1089851 <P>Hi All,</P><P>&nbsp;</P><P>I would like to give normal user with all the configuring and show commands except running show logging command. i.e I want to restrict normal users by viewing syslog buffer in the switch.</P><P>&nbsp;</P><P>I would appreciate if anyone can help me on this.</P><P>&nbsp;</P><P>Thank you and Regards,</P><P>Gayan Samarakoon.&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 06 May 2022 05:48:47 GMT https://community.cisco.com/t5/network-security/how-to-restrict-normal-users-from-viewing-logging-buffer/m-p/4605522#M1089851 dhanushkas 2022-05-06T05:48:47Z https://community.cisco.com/t5/network-security/how-to-restrict-normal-users-from-viewing-logging-buffer/m-p/4605530#M1089852 <P>Hi All,</P><P>&nbsp;</P><P>I would like to give normal users all the configurations and show command privileges except show logging command. i.e. I want to restrict normal users from viewing logging buffer.</P><P>&nbsp;</P><P>It would be really greatfull if some one can help me on this.</P><P>&nbsp;</P><P>Thank you and Regards,</P><P>Dhanushka</P> Fri, 06 May 2022 06:08:34 GMT https://community.cisco.com/t5/network-security/how-to-restrict-normal-users-from-viewing-logging-buffer/m-p/4605530#M1089852 dhanushkas 2022-05-06T06:08:34Z https://community.cisco.com/t5/network-security/how-to-restrict-normal-users-from-viewing-logging-buffer/m-p/4605543#M1089853 <P>how is your user AAA configured , Local or any ACS/ ISE/ or Radius ?</P> <P>&nbsp;</P> <P>you need to restrict the user to only with permit commands, so rest will be not authorized: its easy (if you use any identity-based system, if this is local you need to enter manually for that user - manual task)</P> <P>&nbsp;</P> <P>example :</P> <P>&nbsp;</P> <P>For user&nbsp;</P> <P>&nbsp;</P> <P>permit running-config</P> <P>permit cdp neigh</P> Fri, 06 May 2022 06:36:01 GMT https://community.cisco.com/t5/network-security/how-to-restrict-normal-users-from-viewing-logging-buffer/m-p/4605543#M1089853 balaji.bandi 2022-05-06T06:36:01Z https://community.cisco.com/t5/network-security/how-to-restrict-normal-users-from-viewing-logging-buffer/m-p/4605546#M1089854 <P>Hi Balaji,</P><P>&nbsp;</P><P>Thank you for your prompt reply.</P><P>&nbsp;</P><P>These users are created locally, I only want to restrict "show logging" command, all other commands should be permitted. Can this be done.</P><P>&nbsp;</P><P>Thank you,</P><P>Dhanushka.</P> Fri, 06 May 2022 06:40:28 GMT https://community.cisco.com/t5/network-security/how-to-restrict-normal-users-from-viewing-logging-buffer/m-p/4605546#M1089854 dhanushkas 2022-05-06T06:40:28Z https://community.cisco.com/t5/network-security/how-to-restrict-normal-users-from-viewing-logging-buffer/m-p/4605564#M1089856 <P>you can assign commands for privilege levels and assign relevant level to user.</P> <P><A href="https://study-ccna.com/cisco-privilege-levels/" target="_blank" rel="noopener">https://study-ccna.com/cisco-privilege-levels/</A></P> <P>&nbsp;</P> <P>Also you can use parser views to configure views and let relevant user to load permitted view at enable.</P> Fri, 06 May 2022 07:19:28 GMT https://community.cisco.com/t5/network-security/how-to-restrict-normal-users-from-viewing-logging-buffer/m-p/4605564#M1089856 Kasun Bandara 2022-05-06T07:19:28Z https://community.cisco.com/t5/network-security/how-to-restrict-normal-users-from-viewing-logging-buffer/m-p/4605578#M1089857 <P>Hi Kasun,</P><P>&nbsp;</P><P>Thank you for your reply.</P><P>&nbsp;</P><P>I only want to restrict "show logging" command only. All Other commands should be allowed. Can this be achieved without permitting all the commands explicitly which is bit cumbersome.</P><P>&nbsp;</P><P>Thank you,</P><P>Dhanushka.</P> Fri, 06 May 2022 07:18:58 GMT https://community.cisco.com/t5/network-security/how-to-restrict-normal-users-from-viewing-logging-buffer/m-p/4605578#M1089857 dhanushkas 2022-05-06T07:18:58Z https://community.cisco.com/t5/network-security/how-to-restrict-normal-users-from-viewing-logging-buffer/m-p/4605688#M1089861 <P><A href="https://www.omnisecu.com/ccna-security/parser-views-role-based-access-control-rbac.php" target="_blank">https://www.omnisecu.com/ccna-security/parser-views-role-based-access-control-rbac.php</A></P><P>PARSER view can solve you issue.</P> Fri, 06 May 2022 11:49:57 GMT https://community.cisco.com/t5/network-security/how-to-restrict-normal-users-from-viewing-logging-buffer/m-p/4605688#M1089861 MHM Cisco World 2022-05-06T11:49:57Z https://community.cisco.com/t5/network-security/how-to-restrict-normal-users-from-viewing-logging-buffer/m-p/4606195#M1089881 <P>Hi MHM,</P><P>&nbsp;</P><P>Thanks a lot for your reply.</P><P>I will run this configuration in testing environment&nbsp; and get back to you if there is anything to be done.</P><P>&nbsp;</P><P>Thank you again.</P><P>Gayan Samarakoon.</P> Sat, 07 May 2022 17:29:56 GMT https://community.cisco.com/t5/network-security/how-to-restrict-normal-users-from-viewing-logging-buffer/m-p/4606195#M1089881 dhanushkas 2022-05-07T17:29:56Z