Guest

Preview Tool

Cisco Bug: CSCvi54206 - Scheduler job breaks RBAC if the username has multiple roles assigned from the AAA server

Last Modified

Jun 18, 2018

Products (50)

  • Cisco Nexus 9000 Series Switches
  • Cisco Nexus 9516 Switch
  • Cisco Nexus 3548 Switch
  • Cisco Nexus 3548-X Switch
  • Cisco Nexus 9396TX Switch
  • Cisco Nexus 31108TC-V Switch
  • Cisco Nexus 92160YC-X Switch
  • Cisco Nexus 92304QC Switch
  • Cisco Nexus 3132Q-V Switch
  • Cisco Nexus 9396PX Switch
View all products in Bug Search Tool Login Required

Known Affected Releases

7.0(3)I7(3)

Description (partial)

Symptom:
The scheduler job commands fail with the following error: % Permission denied for the role
<snip>
Nexus9300-EX# show scheduler logfile | i i 19:14 p 2 n 3
Job Name       : backup-cfg                        Job Status: Failed (30)
Schedule Name  : daily                             User Name : scheduleruser
Completion time: Mon Mar 19 19:14:00 2018
--------------------------------- Job Output ---------------------------------
`copy running-config startup-config`
% Permission denied for the role
</snip>

Conditions:
Nexus 9300-EX switches are running NX-OS 7.0(3)I7([1-3]).
The username used for the scheduler configuration has multiple roles assigned from the AAA Server e.g. network-admin vdc-admin.
<snip>
Nexus9300-EX# show user-account scheduleruser
user:scheduleruser
        roles:network-admin vdc-admin
account created through REMOTE authentication
</snip>
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.