Ready-only and Ready-write privilege's in ISG
search cancel

Ready-only and Ready-write privilege's in ISG

book

Article ID: 275784

calendar_today

Updated On:

Products

SSP-S210 PLATFORM SSP-S410 SSP-S410 PLATFORM

Issue/Introduction

What are the various ISG operations that a user having Ready-write and Ready-only rights can perform?

Resolution

ISG supports three levels of authorization or privileges:

  1. Read-write: Allows users to log in to the CLI and execute all commands in all modes.
  2. Read-only: Allows users to log in to the CLI and execute the following commands in standard mode:
    help
    ping
    show
    traceroute
    exit
  3. None: Allows users to log in to the CLI, but the only available command for those users is exit. Users only have this privilege level if they are not a member of a user group or they are a member of a group that does not have read-write or read-only privileges assigned to it.

Users have the ability to allocate privileges to specific user groups. These privileges can then be assigned to individual users by adding them to the relevant groups. Privileges are global and take effect when the realm is active.
In the case of RADIUS realms, the ISG appliance relies on authentication responses from the RADIUS server to obtain the list of user groups within the realm. As a result, when assigning privileges to user groups, the appliance cannot verify their existence beforehand.

About the Enable Mode Password
Admin only configures one password for enable mode and it is shared among all users that have read-write privilege.