1 Reply Latest reply on Dec 7, 2011 5:58 AM by Gerardo Bartoccini

    RBAC: how to restrict commands to only "CM" via blcli

    Gerardo Bartoccini


      I am creating an auth profile I want to use for a number of roles.

      For some reasons this has to be scripted, so I am creating a script which will create the auth profile and the role by means of blcli commands.\


      Now, as those roles don't have to access target servers via NSH, I would like to restrict permissions to only CM.

      However, I haven't been able to figure out how to do it via blcli.


      What I have achieved so far is to add "ls" command to auth profile, and then to role, which results in the following entry in users file:


      ReadOnly1:gbartoccini           ro,commands=CM:ls


      I get this by using:


      blcli_execute AuthorizationProfile addAuthorization ConsipRO ls nsh


      Is there a way of having only the following in users file?


      ReadOnly1:gbartoccini           ro,commands=CM




      PS: my aim is to prevent NSH access to target servers. Any other solutions are welcome