Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Champion
Champion

Read-Only account for Gaia API?

For the GAIA API we are trying to create a role that allows the users to only use show commands, but currently all we can get working is a user with the full admin role. In our case we are using TacAcs authentication and the role associated to this also needs to be assigned otherwise it will not work.

Any idea how to configure the role for a Read-Only API user?

Regards, Maarten
0 Kudos
7 Replies
Highlighted

MonitorRole doesn't work when attached to that user?
0 Kudos
Highlighted
Champion
Champion

Nope.
Regards, Maarten
0 Kudos
Highlighted

Did you got some answer from TAC?
0 Kudos
Highlighted
Champion
Champion

Did not open a case yet.
Regards, Maarten
0 Kudos
Highlighted
Champion
Champion

@Tal_Martsiano would you like to comment on this?
Regards, Maarten
0 Kudos
Highlighted

Have you got a solution for this yet? I am very interested in setting up a similar account too.

Thanks.

0 Kudos
Highlighted

You can create a new RBA role where only "show configuration" will be allowed. This is not related to API, but for GAIA permissions only.

 

add rba role show_only domain-type System readonly-features configuration
add rba user <AFFECTED_USER> roles show_only

 

Try to play with webUI and Roles there. Specify only commands you want to allow and simply flag it as "read only".

Kind regards,
Jozko Mrkvicka
0 Kudos