Cisco Bug: CSCtc57788 - Allow read-only role to be disabled for users

Last Modified

Feb 01, 2017

Products (1)

  • Cisco Unified Computing System

Known Affected Releases


Description (partial)

UCSM does not allow the read-only role to be disabled for any user:
ucs-6120-1-A /security/local-user # sh conf
 enter local-user test
     enter role admin
     enter role read-only
     set email ""
     set firstname ""
     set lastname ""
 !   set password
     set phone ""
     set sshkey none
     set sshkey 
ucs-6120-1-A /security/local-user # 
ucs-6120-1-A /security/local-user # delete role read-only
ucs-6120-1-A /security/local-user* # commit-buffer 
Error: Update failed: [role read-only can not be deleted from user test]

The read-only role allows a user to have read access to all configuration, which might not be desirable.

For example, in a setup with separate network admin and server admin responsibilities, the network admin usually has no access to the server configuration, and vice versa. Because the read-only role cannot be disabled, UCSM cannot cleanly support a setup with split network and server admin responsibilities.

Enhancement request.