1 Reply Latest reply on Dec 7, 2011 5:58 AM by Gerardo Bartoccini

    RBAC: how to restrict commands to only "CM" via blcli

    Gerardo Bartoccini

      Hi,

      I am creating an auth profile I want to use for a number of roles.

      For some reasons this has to be scripted, so I am creating a script which will create the auth profile and the role by means of blcli commands.\

       

      Now, as those roles don't have to access target servers via NSH, I would like to restrict permissions to only CM.

      However, I haven't been able to figure out how to do it via blcli.

       

      What I have achieved so far is to add "ls" command to auth profile, and then to role, which results in the following entry in users file:

       

      ReadOnly1:gbartoccini           ro,commands=CM:ls

       

      I get this by using:

       

      blcli_execute AuthorizationProfile addAuthorization ConsipRO ls nsh

       

      Is there a way of having only the following in users file?

       

      ReadOnly1:gbartoccini           ro,commands=CM

       

      Thanks

       

      PS: my aim is to prevent NSH access to target servers. Any other solutions are welcome