04-08-2014 07:29 AM
I am writing a document on how to configure the Aruba CPPM for TACACS on our infrastructure devices - some of which are Aruba devices. We have them working fine in Read Write mode but we are now in a position to start locking down access to devices. On the Aruba CPPM itself we have the following and I wanted to know what the specific option of the Aruba-Admin-Role mean so i can explain it to our Security team:
There is also an Aruba:Common option for the Aruba-Admin-Role for CLI access which has the following values:
I haven't been able to find any documentation on these yet so if someone can point me in the right direction that would be great. Also, is this just for CLI access as we also have the HTTP:class option and I have meanings for the roles for HTTP access.
04-08-2014 07:39 AM
Typical as soon as I decide I can't find it and drop a message in here I find it:
Role assigned to the user. Predefined roles include:
guest-provisioning: Allows the user to create guest accounts on
a special WebUI page.
location-api-mgmt: Permits access to location API information.
You can log into the CLI; however, you cannot use any CLI
network-operations: Permits access to Monitoring, Reports,
and Events pages in the WebUI. You can log into the CLI;
however, you can only use a subset of CLI commands to
monitor the controller.
read-only: Permits access to CLI show commands or WebUI
monitoring pages only.
root: Permits access to all management functions on the