You can. A better article is here:
https://community.arubanetworks.com/community-home/digestviewer/viewthread?MID=10129Basically any value that you return in the "attribute value" field (root in the article) will override the default role. So you would enter read-only into the attribute value field so that users who authenticate will obtain the read-only role.
(7200) #show mgmt-role
Management User Roles
---------------------
ROLE DESCRIPTION
---- -----------
root Super user role
read-only Read only commands
location-api-mgmt location-api-mgmt
standard Standard role
nbapi-mgmt nbapi-mgmt
ap-provisioning ap-provisioning
network-operations network-operations
guest-provisioning guest-provisioning
------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
------------------------------
Original Message:
Sent: Sep 29, 2021 05:45 PM
From: andre heyliger
Subject: Administrator roles in Mobiity Conductor
Ok. Read through the doc and it looks like Ive done that already. I do use windows NPS (newer version of IAS) and can successfully login with root/admin access. Anyone know if I can assign RO access to a radius user without making all users RO? Ive attached a pic of the Mobility Conductor section where I can select root or RO.
------------------------------
andre heyliger
Original Message:
Sent: Sep 28, 2021 05:46 PM
From: Colin Joseph
Subject: Administrator roles in Mobiity Conductor
If you are using a Windows server, please take a look at this old document: https://higherlogicdownload.s3-external-1.amazonaws.com/HPE/602ed1cb-5984-4169-afcd-6e99387da0bf_file.pdf?AWSAccessKeyId=AKIAVRDO7IEREB57R7MT&Expires=1632869031&Signature=%2BAA5zeOcLFFPTUQSa%2Bn60FAqgDk%3D
------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
Original Message:
Sent: Sep 27, 2021 02:57 PM
From: andre heyliger
Subject: Administrator roles in Mobiity Conductor
Ive got a Mobility Conductor running v8.6 as well as all my Mobility Controllers. I control access to the Mobility Conductor using radius. I can get full admin access just fine with the default role set to root under managed network -> system -> admin -> admin auth options. What I cant figure out however is how to grant read only access to the Mobility Conductor using radius. Anyone know how to do this? I do not want to use locally authenticated accounts.
------------------------------
andre heyliger
------------------------------