Requirement:
How to provide privilege to a management user to specific node?
This article applies to all Aruba hardware and virtual mobility controllers running 8.x version and higher.
Starting from 8.x version we can provide access to a management user to a specific node and restrict him from doing changes on other MD/nodes.
Logging in using admin privileges on MM might give you the complete root access to all other MDs. Instead we can restrict the management user and provide him privileges to
a specific node/MD so that while logging into MM he can read/write the configuration only on the specific MD whereas he can only read the configuration of other MD/nodes.
From CLI:
(Aruba-MM) [mynode] (config) #mgmt-user user1 root node /md/cluster/00:0c:29:f9:7a:d9 Password:******** Re-Type Password:********
user1 --- username
root --- privilege/role name
/md/cluster/00:0c:29:f9:7a:d9 --- node path
(Aruba-MM) [mynode] (config) #show mgmt-user
Management User Table --------------------- USER PASSWD ROLE STATUS PATH ---- ------ ---- ------ ---- admin ***** root ACTIVE / guest ***** guest-provisioning ACTIVE / user1 ***** root ACTIVE /md/cluster/00:0c:29:f9:7a:d9
From WebUI:
1. Logged into MM using credentials "user1"
2. Trying to modify changes for a different node and while saving the config you will get a error message at the bottom
© Copyright 2024 Hewlett Packard Enterprise Development LPAll Rights Reserved.