topic Re: Checkfailover with Readonly User in Firewall and Security Management

Re: Checkfailover with Readonly User

_Val_ — Mon, 24 Jan 2022 07:34:05 GMT

you can create a new role based on MonitorOnly and add additional commands you want those users to run

Re: Checkfailover with Readonly User

LostBoY — Mon, 24 Jan 2022 12:14:46 GMT

is it possible to clone monitorOnly and add additonal features ? i was looking at monitorOnly rba role and it mentions access to cluster info but when i run it i get an error /bin/cphaprob_start line 6 permission denied

Re: Checkfailover with Readonly User

_Val_ — Mon, 24 Jan 2022 12:34:31 GMT

Role management is described in the Gaia Admin guide. You can create custom roles with certain additional commands for your needs

Re: Checkfailover with Readonly User

LostBoY — Mon, 24 Jan 2022 13:24:30 GMT

Thanks.. i got certain things to work here.. created a role and added few view commands to it such as ntp, configuration, dns , aaa servers. However , 2 things i cudnt work out.

1) Virtual system access

2) show cluster state in this custom monitor role

regarding virtual system access i am able to run set virtual-system 2 .. but post that i cannot run any command it keeps throwing this error : supsh0361 failure setting current vrf id

as for the > show cluster state i get this error : /bin/cphaprob_start line 6 permission denied

if i can somehow get these things to work it will be very helpful.

Re: Checkfailover with Readonly User

_Val_ — Mon, 24 Jan 2022 16:29:53 GMT

Check default shell for that account. Some commands will not work from clish and require bash

Re: Checkfailover with Readonly User

LostBoY — Mon, 24 Jan 2022 16:35:26 GMT

But from adminRole users i can run show cluster state fron GAIA shell itself.. however its not working with custom roles