Overview
Your Exinda is integrated with TACACS, and you wish to provide some users with Read Only access to Exinda, and not full access.
This article provides steps for how you can give Read Only access to some TACACS users, by differentiating the admin and monitor users.
Solution
In order to differentiate an admin from a monitor account, the user on the TACACS server should have an attribute: "local-user-name" set in the TMS service.
For example, if you have two users, one is an admin (username: t-admin), and the other is a monitor user(username: t-monitor), this is how the users would look like on the TACACS server with the service and attributes:
user = t-admin {
pap = cleartext "exinda"
login = des rRe76nTnERlXg
service = tms-exec {
"local-user-name" = "admin"
}
}
user = t-monitor {
pap = cleartext "exinda"
login = des rRe76nTnERlXg
service = tms-exec {
"local-user-name" = "monitor"
}
}
Please approach your TACACS admin to define these attributes for users, since it requires TACACS server admin expertise.
Related article
RADIUS / TACACS attributes for user privileges