As you are asking for a BSA role which should not have access to console.
- you are talking about the BSA roles & every role which is created in BSA (with or without any authorizations) has access to login to BSA console.
And you want a role which will only have authorizations to open NSH & execute nexec, rm commands only.
- To open NSH & execute such commands from NSH prompt, no specific authentication based on BSA role required.
as the NSH commands are network commands which uses system credentials/authorizations to execute the NSH commands on NSH prompt, not BSA authorizations.
If you are using Network Shell to connect directly to servers without routing traffic through a Network Shell Proxy Server, no authentication is required.
Also go through below thread:
I am using NSH Proxy.
Ok, then authentication is required.
still the users of any role can access BSA console.
But, they will only see the folders & objects as per the authorizations granted to that role.
currently, I do not have environment with NSH proxy. EXPERTS can help you here.
1 of 1 people found this helpful
you need to add the 'command authorizations' to the role that you want to limit. add only the commands you want them to be able to run and then push acls (to a couple test boxes first i think to be sure)