Orb agent - Cisco device privileges #18625
-
| I'm trying to limit access to the account the Orb agent is configured to use for scanning Cisco devices, to effectively have read-only access (I don't want the account to have privilege 15 access, and privilege 0 is too little). I'm aware that I can create custom privilege levels and parser views to limit access to various commands, but the problem I'm having is that I don't know which commands the Orb agent runs in order to ingest data from the devices, so I don't know which commands to include/exclude in the restriction(s). Can anyone here chime in to answer that question? Assuming that the agent needs only to to be able to view the running-config, if there's a way to have the agent issue the command  | 
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
| It will run napalm functions including get_facts(), get_interfaces(), get_interfaces_ip() - hence for individual commands, you'd need to look at the napalm driver - eg for ios - https://github.com/napalm-automation/napalm/blob/develop/napalm/ios/ios.py | 
Beta Was this translation helpful? Give feedback.
It will run napalm functions including get_facts(), get_interfaces(), get_interfaces_ip() - hence for individual commands, you'd need to look at the napalm driver - eg for ios - https://github.com/napalm-automation/napalm/blob/develop/napalm/ios/ios.py