Thanks. Just tried, this trick worked. Created a read only user and the API key created from it is only doing read only operations.

Do bear in mind that 'read-only' access is not totally read-only - a read-only account still allows port-cycling and cable-test operations to be performed on switch ports.

For instance, cycling a port will result in downstream devices will losing connectivity and PoE.

We had a customer find this out the hard way.

I.e. you still need to be careful about granting read-only permission and caution users about these operations.

Hellos. Not sure about how to proceed. If I create a read-only admin, Can he create an API Key?
And if API Key was created by a full admin, even if a Log as a read-only admin on dashboard, API key is same one, right?

How did you proceed?

Thanks in advance.

Any user can generate an API key. The API key represents the user and their permissions - read-only user will have read-only privileges, read-write user will have read-write privileges, etc’.

If I create a read-only admin, Can he create an API Key? Yes.

And if API Key was created by a full admin, even if a Log as a read-only admin on dashboard, API key is same one, right? No , API key are created per user , but it can be shared ( but please don't do that )

Also, as soon as the user permission changes (read to write, write to read, network admin to org admin, etc’) - their API key’s privileges will reflect the change too.