[nsp] enable commands as non-enable user?

Matt Martini Matthew E. Martini" <martini@invision.net
Mon, 12 Aug 2002 13:16:32 -0400 (EST)


-----BEGIN PGP SIGNED MESSAGE-----

Bruce,

You can do this to make "show configuration" a different security level
and then assign this level to your user. The second line must be there
or all show commands will become prive 10.

    privilege exec level 10 show configuration
    privilege exec level 1 show

    username NON_ENABLED_USER privilege 10 password USER_PASSWORD


Actually, you could drop the priv of the command to 1 but then all users
would be able to see the config.

Matt

On Mon, 12 Aug 2002, Bruce Campbell wrote:

>
> Greetings,
>
> I'm wanting to allow a dedicated non-enabled user to be able to 'show
> conf' (run through all the routers and save the conf nightly).  Is this
> possible via AAA (tacacs+)?  ( the AAA overview on cco isn't that clear on
> whether this is possible or not)
>

__________________________ http://www.invision.net/ _______________________

 Matthew E. Martini, PE        InVision.com, Inc.   (631) 543-1000 x104
 Chief Technology Officer      matt@invision.net    (631) 864-8896 Fax
_______________________________________________________________________pgp_

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1i

iQEVAwUBPVftcGtXn16/JS7ZAQFU4AgAk5yZMPTmLJcqc/bF6vFQVxsSr6ZbBu7V
HamNvstyxTv4WI6/qcyA4cO/743MtLTs8uxjfYGBkhZHqw3hvAE/PUXGsNQPGQUA
iNuZCPTXXSCCaERFZKynOJkviCJacOs8tGhaiNY/Ldukk6PgU64lpb1Euhc5i7Sx
E/64QNXP3PGt6y2V7s4xKi9fnULrJMmZVG6F1cSEMtasdwH51ODAb/7vBLQzPb+I
noti2n0p2xRP5LgdNPe23lhWJS73Lh+bpP/LC2cS38w0jy0kzaiZkQ5CfE5i177z
KJr1/88BK6xhWpuMyhElzhu5hbeVOZplGHRnEiaI3Adoa2MOT7rXkA==
=+xXy
-----END PGP SIGNATURE-----