Can you add/modify ACS 5.2 CLI user roles?

s.chamberlin
Level 1

My company's security group uses Tripwire to monitor for changes in start-config and running-config on network devices in PCI scope. We are migrating from ACS v4.2 to v5.2. I need to create the account for Tripwire on the ACS Appliance but did not want to assign the admin role, which would give access to configure terminal. The user role does not have privileges for show start-config or show running-config. Am I missing something, or are these the only 2 roles available at the CLI? Can another role be added?

1 Reply

GregCover
Level 1

What you need to remember about the show running-config command is that the user running the command will only be allowed to see what they are authorized to configure. Keeping that in mind, and so that the Tripwire user account can see "all" the running config, create a rule to allow this Tripwire user to authorize at the privilege 15 shell level and then apply a special limited command set (which you will need to create) that only allows the commands that the account needs to function.

Hope this helps!

Greg