Read-Only account for Gaia API?

Maarten_Sjouw · ‎2019-09-23

For the GAIA API we are trying to create a role that allows the users to only use show commands, but currently all we can get working is a user with the full admin role. In our case we are using TacAcs authentication and the role associated to this also needs to be assigned otherwise it will not work.

Any idea how to configure the role for a Read-Only API user?

Regards, Maarten

Martin_Valenta · ‎2019-09-24

MonitorRole doesn't work when attached to that user?

Maarten_Sjouw · ‎2019-09-24

Nope.

Regards, Maarten

Martin_Valenta · ‎2019-09-26

Did you got some answer from TAC?

Maarten_Sjouw · ‎2019-09-26

Did not open a case yet.

Regards, Maarten

Maarten_Sjouw · ‎2019-10-23

@Tal_Martsiano would you like to comment on this?

Regards, Maarten

Nick_Doropoulos · ‎2019-11-23

Have you got a solution for this yet? I am very interested in setting up a similar account too.

Thanks.

JozkoMrkvicka · ‎2019-11-23

You can create a new RBA role where only "show configuration" will be allowed. This is not related to API, but for GAIA permissions only.

add rba role show_only domain-type System readonly-features configuration
add rba user <AFFECTED_USER> roles show_only

Try to play with webUI and Roles there. Specify only commands you want to allow and simply flag it as "read only".

Kind regards,
Jozko Mrkvicka

Are you a member of CheckMates?

Read-Only account for Gaia API?