I am creating an auth profile I want to use for a number of roles.
For some reasons this has to be scripted, so I am creating a script which will create the auth profile and the role by means of blcli commands.\
Now, as those roles don't have to access target servers via NSH, I would like to restrict permissions to only CM.
However, I haven't been able to figure out how to do it via blcli.
What I have achieved so far is to add "ls" command to auth profile, and then to role, which results in the following entry in users file:
I get this by using:
blcli_execute AuthorizationProfile addAuthorization ConsipRO ls nsh
Is there a way of having only the following in users file?
PS: my aim is to prevent NSH access to target servers. Any other solutions are welcome
I discovered that if I remove the authorization
the role is no longer able to connect to servers, as it is no longer able to connect to NSH proxy.
So, using this and configuring the exports file on target servers to accept connections only from the appserver should do the trick.