Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Authenticating with TACACS on the ARUBA CPPM itself.

  • 1.  Authenticating with TACACS on the ARUBA CPPM itself.

    Posted Apr 08, 2014 10:29 AM

    Hi,

     

    I am writing a document on how to configure the Aruba CPPM for TACACS on our infrastructure devices - some of which are Aruba devices. We have them working fine in Read Write mode but we are now in a position to start locking down access to devices. On the Aruba CPPM itself we have the following and I wanted to know what the specific options of the Aruba-Admin-Role mean so I can explain it to our Security team:

    There is also an Aruba:Common option for the Aruba-Admin-Role for CLI access which has the following values:

        Root
        Read-Only
        Location-API-Mgmt
        Network-Operations
        Guest Provisioning
        No-Access

    I haven't been able to find any documentation on these yet so if someone can point me in the right direction that would be great. Also, is this just for CLI access as we also have the HTTP:class option and I have meanings for the roles for HTTP access.

    Kind regards,

    Z



  • 2.  RE: Authenticating with TACACS on the ARUBA CPPM itself.

    Posted Apr 08, 2014 10:39 AM

    Typical: as soon as I decide I can't find it and drop a message in here, I find it:

    Role assigned to the user. Predefined roles include:

    guest-provisioning: Allows the user to create guest accounts on a special WebUI page.

    location-api-mgmt: Permits access to location API information. You can log into the CLI; however, you cannot use any CLI commands.

    network-operations: Permits access to Monitoring, Reports, and Events pages in the WebUI. You can log into the CLI; however, you can only use a subset of CLI commands to monitor the controller.

    read-only: Permits access to CLI show commands or WebUI monitoring pages only.

    root: Permits access to all management functions on the controller.