I was wondering how you can manage SDWAN with IaC and stop somebody from logging into the GUI and making a configuration change. There are some obvious ways as in not giving out admin access to the GUI. However, I was wondering if there were some ways of managing it with IaC that stops a user from making a change.
For example if user belongs to operator group, user can only view the information and can't do configuration on vManage GUI and similarly the user will not be able to trigger the API calls related to configuration of policies or templates.
But there is nothing in the solution that would stop an admin from logging into a GUI and making a change. I am just wondering how you can keep a git repository as the production running configuration and then merge changes from a git branch as a production change and at the same time a person logs into the GUI as an admin and makes a change.