[c-nsp] Setting up a RO user in IOS-XR and IOS-XE
Nikolay Krasnoyarsky
nkrasnoyarsky at griddynamics.com
Mon Feb 16 10:47:53 EST 2026
XE
===
username netops-scripts privilege 15 view NETOPS-SCRIPTS-VIEW secret 9
<hash1-here>
!
parser view NETOPS-SCRIPTS-VIEW
secret 9 <hash2-here>
commands exec include all terminal
commands exec include all show
===
for XR - we do not have, someone else can reply if so
On Mon, 16 Feb 2026 at 16:40, Hank Nussbacher via cisco-nsp <
cisco-nsp at puck.nether.net> wrote:
> Under IOS-XE if we do:
>
> username <username> privilege 1 secret <password>
>
> the user has no ability to do any show commands.
>
> Elevating to priv=5 doesn't help. Only priv=15 helps - but then the
> user has RW access.
>
> So how does one set up a user in IOS-XE so they can do any and all
> "show" commands?
>
>
> Same question for IOS-XR. Tried:
>
> taskgroup read-only
>
> task read
>
> !
>
> usergroup read-only-group
>
> taskgroup read-only
>
> !
>
> username <username>
>
> group read-only-group
>
> secret <password>
>
>
> but "task read" requires many additional parameters such as “task read
> ospf”, “task read acl”, “task read bgp”, “task read ipv4” , etc.
>
>
> Can anyone provide the exact IOS-XE and IOS-XR commands to create a RO
> user?
>
>
> Thanks,
>
> Hank
>
>
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
More information about the cisco-nsp
mailing list