Admin Profile for readonly but can' t download config?

Forum|Forum|11 years ago
August 12, 2014
2 replies
4839 views

Hi ALL, In the case that we want to allow the IT teammates to logon to the firewall to have a look whenever need to troubleshoot or checking the logs, the expected result should just allow the teammates to read all or some of the screen, however, I cannot set it all-readonly but restricting the option to allow the one to download the firewall configuration... that would expose the details! Yes, you may say that, I can disable/hide the whole system configuration page.. but I just wonder there is any way that I can do both - allow to show the system page (with bandwidth for ports and other stats.) AND disable the download/upload of configuration. Anyone can help? Thanks!

ede_pfau

SuperUser

hi, what is in the config file that you cannot see in the (read-only) WebGUI? You fear that parts of the config may be exposed if downloaded but I think all these settings are exposed anyway in the WebGUI.

wcbenyipAuthor

New Member

Actually as it say, I can see all in the WebGUI with read acl only. I just want to hide that option to allow the one to backup the device config. Seems no way to do so, because the ACL setting for Admin a/c can only set RW/R for the whole " section" , there is no sub-category could be configured.

Istvan_Takacs_FTNT

Staff

You can customise the dashboard to remove widgets e.g. the System Information one that displays the System Config, but can' t enforce the config for the other users, so they might just put it back. Also you would need to remove the CLI console one and the SSH access or else they might just run ' show full' . Not sure if you can make a customised dashboard permanent in the CLI somehow, but there might be an option to do that.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded