
can u do show run without using the enable?

ja1064
Level 1

I have a LAN admin who just went through a boot camp and would like to be able to 'see' his router config, so he has asked for the enable. I'm not willing to give it to him. Is there any way to give a level of access that would allow someone the ability to do a show run without using the enable? Seems unlikely, but maybe there is some magic out there.

And the obvious option of just sending him the config isn't satisfying him - but then he's a pain about everything else.


tdrais
Level 7

You can change the security level of most commands. You just have to put him in a level less than 15 and then move the commands to that. It is possible to make it so that he can only see parts of the run and not others. I used to have a link to a non-Cisco site with examples, but it is broken.

Try with the following:

username readuser privilege 7 secret xxxxxxxx

privilege exec level 7 show startup-config

privilege exec level 7 show running-config

privilege exec level 7 show (with this command you can define what command is accessible).

It should work.

Bye

FCS

Is it possible to have a downgrade permission for that command in ASA 9.2 as well?

Runtal
Level 1

If anyone's still interested on newer devices:

You need the following lines: (you can choose the privilege level; the example uses 5. As this user is already very limited, you should not go higher, as you give access to the disk, and other commands should be restricted/not available if possible)

username Reader privilege 5 secret UseYourOwnPassword

file privilege 5

privilege exec level 5 show startup-config

privilege exec level 5 show running-config view full

privilege exec level 5 show running-config view

privilege exec level 5 show running-config

privilege exec level 5 show

This will enable you to show the running configuration with "show running-config view full" and the startup configuration with "show startup-config".
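One way to audit what the privilege changes discussed in this thread actually grant, as an added example that is not part of any post: it parses a saved config and lists, for each local user below level 15, the commands moved within reach and whether `file privilege` opens file access. The function name `audit`, the `admin` account and its placeholder secret are constructed for illustration; the script assumes a level can also run commands assigned to lower levels and that the defaults are level 1 for users and level 15 for file access.

```python
import re
from collections import defaultdict

# Constructed sample: the lines from the reply above plus a constructed level-15 account.
SAMPLE_CONFIG = """\
username admin privilege 15 secret ConstructedPlaceholder
username Reader privilege 5 secret UseYourOwnPassword
file privilege 5
privilege exec level 5 show startup-config
privilege exec level 5 show running-config view full
privilege exec level 5 show running-config view
privilege exec level 5 show running-config
privilege exec level 5 show
"""

USER_RE = re.compile(r"^username\s+(\S+)(?:\s+privilege\s+(\d+))?")
PRIV_RE = re.compile(r"^privilege\s+(\S+)\s+(?:all\s+)?level\s+(\d+)\s+(.+)$")
FILE_RE = re.compile(r"^file\s+privilege\s+(\d+)")

def audit(config_text):
    """Map each local user below level 15 to the commands moved within its reach."""
    users, moved, file_level = {}, defaultdict(list), 15  # assumed default: file privilege 15
    for line in map(str.strip, config_text.splitlines()):
        if m := USER_RE.match(line):
            if m.group(2):
                users[m.group(1)] = int(m.group(2))
            else:
                users.setdefault(m.group(1), 1)  # no explicit level: assumed default is 1
        elif m := PRIV_RE.match(line):
            moved[int(m.group(2))].append(f"{m.group(1)}: {m.group(3).strip()}")
        elif m := FILE_RE.match(line):
            file_level = int(m.group(1))
    report = {}
    for user, level in users.items():
        if level >= 15:
            continue
        # A user at level N can run every command assigned to level N or lower.
        cmds = sorted(c for lvl, items in moved.items() if lvl <= level for c in items)
        report[user] = {
            "level": level,
            "commands": cmds,
            "file_access": file_level <= level,
            # Anything outside exec-mode "show" deserves a manual look.
            "non_show": [c for c in cmds if not c.startswith("exec: show")],
        }
    return report

if __name__ == "__main__":
    for user, info in audit(SAMPLE_CONFIG).items():
        print(user, info)
```

A non-empty `non_show` list or `file_access` set to true for an account meant to be read-only is the thing to review before handing out the login.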

Hello

No you cannot, you need to be in at least user exec mode and have the correct privilege to run the command.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

The original post is pretty old. But it asks an interesting question about whether you can let an admin see the config but not be able to change anything. There have been several posts about changing security levels, but this is cumbersome and difficult to really get right. There is probably an easier solution. Let the admin use show startup. I have always been puzzled why Cisco is so very protective about access using show run but not so protective about show startup.

HTH

Rick