[c-nsp] Setting up a RO user in IOS-XR and IOS-XE
Hank Nussbacher
hank at interall.co.il
Mon Feb 16 10:40:21 EST 2026
Under IOS-XE if we do:
username <username> privilege 1 secret <password>
the user has no ability to do any show commands.
Elevating to priv=5 doesn't help. Only priv=15 helps - but then the
user has RW access.
So how does one set up a user in IOS-XE so they can do any and all
"show" commands?
Same question for IOS-XR. Tried:
taskgroup read-only
task read
!
usergroup read-only-group
taskgroup read-only
!
username <username>
group read-only-group
secret <password>
but "task read" requires many additional parameters such as “task read
ospf”, “task read acl”, “task read bgp”, “task read ipv4” , etc.
Can anyone provide the exact IOS-XE and IOS-XR commands to create a RO user?
Thanks,
Hank
More information about the cisco-nsp
mailing list