Meraki

Community

Live Tools

RaphaelL
Kind of a big deal
Kind of a big deal
‎Dec 15 2022 7:59 PM
‎Dec 15 2022 7:59 PM

Live Tools

Hi ,

 

Was most the live tools always available to read-only users ?

 

Kinda scary that a RO user can do a port cycle & cable test imo... 

Labels:
7 Replies 7
Brash
Kind of a big deal
Kind of a big deal
‎Dec 15 2022 10:24 PM
‎Dec 15 2022 10:24 PM

Never noticed but I agree, a read only user shouldn't be able to perform any actions like that. Ideally there would a role in between read-only and admin that allows for performing troubleshooting steps like that.

0 Kudos
ww
Kind of a big deal
Kind of a big deal
‎Dec 15 2022 11:55 PM
‎Dec 15 2022 11:55 PM

i think they could just see it, not use it..  did you already ask support if its bug or expected behavior?

0 Kudos
RaphaelL
Kind of a big deal
Kind of a big deal
‎Dec 16 2022 4:56 AM
‎Dec 16 2022 4:56 AM

At the moment it is considered as expected behavior.  

 

What is also worrying us is that ANY live tools will not log the user that took the action. So someone can port cycle ports or reboot device for days without any traces..

0 Kudos
In response to RaphaelL
ww
Kind of a big deal
Kind of a big deal
‎Dec 16 2022 5:23 AM
‎Dec 16 2022 5:23 AM

I dont  see a reboot option as read only. But being able to cycle a uplink  port is already bad enough

0 Kudos
In response to ww
RaphaelL
Kind of a big deal
Kind of a big deal
‎Dec 16 2022 5:24 AM
‎Dec 16 2022 5:24 AM

Reboot is the exception which is for admin only BUT won't be logged either.

0 Kudos
rpendleton
Here to help
‎Jan 5 2023 11:38 AM
‎Jan 5 2023 11:38 AM

We actually discovered this a few months ago, thinking it was an issue with our SSO setup for our Read-Only users. After talking to our reps about it, they confirmed that the troubleshooting tools are available by design for Read-only users. We submitted feedback to change that, as well as at least log a port cycle since that's kind of important.

 

What is extra annoying is we have the ability to 'tag' ports with a description and tie configuration changes to specifically those ports via SSO / Azure roles, but it doesn't stop the port cycling of other ports as soon as they have  Read-Only rights to the network. 

0 Kudos
In response to rpendleton
RaphaelL
Kind of a big deal
Kind of a big deal
‎Jan 5 2023 11:40 AM
‎Jan 5 2023 11:40 AM

It is totally unacceptable.  That + the fact that there are 0 logs. 

 

Port cycle wasn't available to RO users in the past ( but a cable test will do exactly the same thing so... )

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.