Live Tools

RaphaelL
Kind of a big deal

Hi,

Were most of the live tools always available to read-only users?

Kinda scary that a RO user can do a port cycle & cable test imo...

7 REPLIES
Brash
Kind of a big deal

Never noticed but I agree, a read-only user shouldn't be able to perform any actions like that. Ideally there would be a role in between read-only and admin that allows for performing troubleshooting steps like that.

ww
Kind of a big deal

I think they could just see it, not use it. Did you already ask support if it's a bug or expected behavior?

RaphaelL
Kind of a big deal

At the moment it is considered expected behavior.

What is also worrying us is that ANY live tool will not log the user who took the action. So someone can port cycle ports or reboot devices for days without any traces...

ww
Kind of a big deal

I don't see a reboot option as read only. But being able to cycle an uplink port is already bad enough.

RaphaelL
Kind of a big deal

Reboot is the exception which is for admin only BUT won't be logged either.

rpendleton
Here to help

We actually discovered this a few months ago, thinking it was an issue with our SSO setup for our Read-Only users. After talking to our reps about it, they confirmed that the troubleshooting tools are available by design for Read-only users. We submitted feedback to change that, as well as at least log a port cycle since that's kind of important.

What is extra annoying is we have the ability to 'tag' ports with a description and tie configuration changes to specifically those ports via SSO / Azure roles, but it doesn't stop the port cycling of other ports as soon as they have Read-Only rights to the network.

RaphaelL
Kind of a big deal

It is totally unacceptable. That + the fact that there are 0 logs.

Port cycle wasn't available to RO users in the past (but a cable test will do exactly the same thing so...)
