Solved: You're welcome. Please mark

chanccmtech · ‎03-14-2017

Hi all,

I have created a custom user roles in my FMC. However can I restrict these users from using CLI access to the appliance? I only require CLI access for administrator.

Need a pointer.

Thanks!

Marvin Rhoads · ‎03-15-2017

When you create a local custom user account in FirePOWER Management Center (FMC), that user only has to the FirePOWER web interface, not the command line interface (cli) or, as Cisco refers to it, the "shell".

Adding local users to the FMC shell requires you add them using the bash shell ("sudo useradd").

If you are using external authentication, you can disable it from allowing shell access when you define the external authentication object. ("Disabled" is the default there.)

View solution in original post

Marvin Rhoads · ‎03-15-2017

You're welcome. Please mark your question as answered if it has been.

View solution in original post

Marvin Rhoads · ‎03-15-2017

When you create a local custom user account in FirePOWER Management Center (FMC), that user only has to the FirePOWER web interface, not the command line interface (cli) or, as Cisco refers to it, the "shell".

Adding local users to the FMC shell requires you add them using the bash shell ("sudo useradd").

If you are using external authentication, you can disable it from allowing shell access when you define the external authentication object. ("Disabled" is the default there.)

chanccmtech · ‎03-15-2017

Much appreciated! I wasn't sure if that was the meaning of "Shell".

Thanks for the pointer!

Marvin Rhoads · ‎03-15-2017

You're welcome. Please mark your question as answered if it has been.

User Roles Restrictions