Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2321
Views
1
Helpful
1
Replies

Role Based access control vs Privilege Level

Magesh Kumar
Level 1
Level 1

‎10-18-2019 06:56 PM

Hi all,

 

We are planned to Implement command restrictions for different users in our Cisco Routers, Switches and ASA. For testing purpose, we have already hardened one of our router using privilege level commands. Its working fine, but for that we have to take all the EXEC, Configuration mode commands from that router and segregated it based on user needs. Just now, we got some glance about RBAC which was different from privilege levels. So our Questions are,

 

What is the difference between Privilege level and RBAC?

Comparing RBAC with Privilege levels, which is best one with respect to security?

Is RBAC supported in Cisco ASA devices?

For RBAC also, we should take note of all the commands and segregate it?

In Configuration Point of view, which is better one?

 

Thanks in advance.

 

Regards,

Magesh Kumar G

Regards,
Magesh Kumar G
0 Helpful
1 Reply 1

Georg Pauwen
VIP
VIP

‎10-19-2019 06:08 AM - edited ‎10-19-2019 06:08 AM

Hello,

 

to partially answer your question, role based cli access is a lot more granular than privilege levels, that is, you can define specific commands you want your users to be able to execute, as opposed to privilege levels, which have a subset of commands that you cannot customize.

 

It is (obviously) a lot more tedious to set up role based access, but if you really want to control what your users are allowed and have access to, I would prefer that over privilege levels...

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card