Question

Extreme Management Center rel 8.4.4.26 user RO

  • 10 June 2020
  • 8 replies
  • 242 views

Badge
  • Contributor
  • 24 replies

Hi team,

 

I want to create users for monitoring with only read access to Networks, Alarms & Events section.

And if it possible, only to execute restricted commands, like show commands o create (not delete) vlans (for example).

Once the user is created under OS, I think that I have to create a new Authorization Groups with these rights and  link user to that, but the problem is that a customized group has a lot of  capabilities for select, and I don´t know what is the minimun to achive at least the first requirement.

What are the minimun capabilities to slect in order to have RO user in all section or at lest in Networks  and Alarms & Events?

Is there any way to achieve the second rights?

Thanks in advance!!

EF


8 replies

Userlevel 7

Even it’s a old post it’s still the same principle so here the link for an example...

https://community.extremenetworks.com/extrememanagement-230297/map-only-rights-in-oneview-7652674

 

As you’d see most sections have a “read-only” and a “read/write” access option.

Just select the read-only for whatever section you’d like to give access and give it a try.

 

-Ron

Badge

Thanks Ron, giving only the rights shown in that post, the user only gain Access to Networks and Alarms section in RO, but still is able open CLI session with all rights.

any way to limit?

 

Regards,

 

EF

 

Userlevel 7

OK now I get what you mean with the terminal access….

 

AFAIK the terminal uses the user/pw that is configured in the device SNMP profile > CLI credentials so there is no difference in rw or ro user = I don’t see how what you are looking for is possible.

 

-Ron

Badge

Thanks Ron, I thought the same, the devices SNMP profile is the same.

One more question, I prefer give GUI access than CLI to thise users, or atleast give the two options, but with your rights (as you see in the previous image) only have CLI, Do you know what capability must be enable? Sorry but I can´t find it.

 

Thanks in advance!!!

Userlevel 7

I’m sorry but I”m not sure whether I understand… 

you want to know how to get the “WebView” option in the menu or is it something else ?!?!

 

-Ron

Userlevel 7

FYI, the help function in XMC isn’t that bad so here the link about the Authorization Group Capabilities - just replace the my IP with your XMC IP.

 

https://172.24.24.110:8443/Clients/help/content/oneview/docs/admin/docs/ov_admin_user_capabilities.html?Highlight=authorization%20group

 

-Ron

Badge

Yes, this is that a want, like "RO" users can access to CLI with full access becasue SNMP profile it´s the same, I prefer give then GUI ("WebView") to them, but with your rights this doesnt appear.

I´ll review the help link in my XMC.

Thanks!!!

EF

Badge

To include this right, you must check:

Extreme Management Center OneView --> Access OneView Administration

Into the group.

 

 

I hope usefull for others.

 

Thanks Ron!!

 

EF

Reply