Management Access Restriction to a specific Node
How do you give a management user privileges on a specific node?
This article applies to all Aruba hardware and virtual mobility controllers running version 8.x and higher.
Starting with version 8.x, a management user can be given access to a specific node and restricted from making changes on other MDs/nodes.
Logging in with admin privileges on the MM might give you complete root access to all other MDs. Instead, we can restrict the management user and give them privileges on
a specific node/MD, so that after logging in to the MM they can read/write the configuration only on that MD and can only read the configuration of the other MDs/nodes.
(Aruba-MM) [mynode] (config) #mgmt-user user1 root node /md/cluster/00:0c:29:f9:7a:d9
user1 --- username
root --- privilege/role name
/md/cluster/00:0c:29:f9:7a:d9 --- node path
(Aruba-MM) [mynode] (config) #show mgmt-user
Management User Table
USER   PASSWD  ROLE                STATUS  PATH
----   ------  ----                ------  ----
admin  *****   root                ACTIVE  /
guest  *****   guest-provisioning  ACTIVE  /
user1  *****   root                ACTIVE  /md/cluster/00:0c:29:f9:7a:d9
1. Log in to the MM using the credentials for "user1".
2. Try to modify the configuration of a different node; when you save the config, you will get an error message at the bottom.
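To confirm that the restriction is in place across many accounts, the "show mgmt-user" table above can be audited offline. The following is an added example, not Aruba code: it parses a saved copy of that output and lists root-role users whose PATH is "/" rather than a single node. The sample text is constructed from the table in this article, and the allow-list containing only "admin" is an assumption.

```python
# Added example: audit saved "show mgmt-user" output for root accounts at "/".
# SAMPLE is constructed from the table shown in this article.
SAMPLE = """\
Management User Table
USER   PASSWD  ROLE                STATUS  PATH
----   ------  ----                ------  ----
admin  *****   root                ACTIVE  /
guest  *****   guest-provisioning  ACTIVE  /
user1  *****   root                ACTIVE  /md/cluster/00:0c:29:f9:7a:d9
"""
HEADER = ["USER", "PASSWD", "ROLE", "STATUS", "PATH"]
KEYS = ("user", "passwd", "role", "status", "path")


def parse_mgmt_users(text):
    """Return one dict per data row of the Management User Table."""
    users, in_table = [], False
    for line in text.splitlines():
        fields = line.split()
        if fields == HEADER:
            in_table = True          # data rows start after the header
            continue
        if not in_table or not fields:
            continue
        if all(set(f) == {"-"} for f in fields):
            continue                 # dashed separator row
        if len(fields) != len(KEYS):
            raise ValueError(f"unexpected row: {line!r}")
        users.append(dict(zip(KEYS, fields)))
    return users


def broad_root_users(users, allowed=("admin",)):
    """Active root users at path '/' that are not in the allow-list (assumed)."""
    return [u["user"] for u in users
            if u["role"] == "root" and u["status"] == "ACTIVE"
            and u["path"] == "/" and u["user"] not in allowed]


def scope_report(users):
    """Map each user to 'global' (path '/') or the node path it is limited to."""
    return {u["user"]: "global" if u["path"] == "/" else u["path"] for u in users}


if __name__ == "__main__":
    parsed = parse_mgmt_users(SAMPLE)
    for name, scope in scope_report(parsed).items():
        print(f"{name:8} {scope}")
    print("root at / outside allow-list:", broad_root_users(parsed))
```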