Cisco Privilege Levels
Is there a way to setup a credential profile that uses a Cisco privilege level other than 15 for enable. In other words, is there a way to set the enable command to "
enable 10", instead of just "enable" (which defaults to 15, the highest level).
We want to be able to have DeviceExpert log into devices with SSH, but only have a restricted set of commands. In the Cisco IOS, this can be accomplished by assigning commands to a privilege level. Then the user types "enable [LEVEL]" (i.e. "enable 10" for privilege level 10) and inherits those commands assigned to the level but is restricted from using all other commands. With this option, we would be able to let DeviceExpert backup and view configs without having to worry about someone else using that user ID to make configuration changes. Would this require an enhancement (e.g. add an "Enable Level:" field to the credential profile, along with Enable Username, Enable Password, and Enable Prompt)?
Thoughts, solutions, etc?
:?:
We want to be able to have DeviceExpert log into devices with SSH, but only have a restricted set of commands. In the Cisco IOS, this can be accomplished by assigning commands to a privilege level. Then the user types "enable [LEVEL]" (i.e. "enable 10" for privilege level 10) and inherits those commands assigned to the level but is restricted from using all other commands. With this option, we would be able to let DeviceExpert backup and view configs without having to worry about someone else using that user ID to make configuration changes. Would this require an enhancement (e.g. add an "Enable Level:" field to the credential profile, along with Enable Username, Enable Password, and Enable Prompt)?
Thoughts, solutions, etc?
:?: