I have a user who has been given read-only, privilege level 1, access and wants the ability to use the various SHOW commands. We have ACS running in this environment. Is there a way, through ACS, to give him these commands?
Policy Elements/Authorization and Permissions/Device Administration/Shell Profiles has ReadOnly with all shell attributes set to not in use, default/max privilege set to 1, nothing extra in custom attributes. Same set of submenus, Command Sets, Limited has "Permit" "SHOW" with no arguments listed. Under Access Policies, Standard Device Admin, Authorization, I have a rule for the identity group assigned to the user in all locations and all device types that assigns the shell profile of ReadOnly and the command set of Limited. However, the user cannot perform any such commands
What am I missing? Is there another way to do this? As I said, the key is to provide the show commands without the ability to make changes to the devices.