XE === username netops-scripts privilege 15 view NETOPS-SCRIPTS-VIEW secret 9 <hash1-here> ! parser view NETOPS-SCRIPTS-VIEW secret 9 <hash2-here> commands exec include all terminal commands exec include all show ===
for XR - we do not have, someone else can reply if so On Mon, 16 Feb 2026 at 16:40, Hank Nussbacher via cisco-nsp < [email protected]> wrote: > Under IOS-XE if we do: > > username <username> privilege 1 secret <password> > > the user has no ability to do any show commands. > > Elevating to priv=5 doesn't help. Only priv=15 helps - but then the > user has RW access. > > So how does one set up a user in IOS-XE so they can do any and all > "show" commands? > > > Same question for IOS-XR. Tried: > > taskgroup read-only > > task read > > ! > > usergroup read-only-group > > taskgroup read-only > > ! > > username <username> > > group read-only-group > > secret <password> > > > but "task read" requires many additional parameters such as “task read > ospf”, “task read acl”, “task read bgp”, “task read ipv4” , etc. > > > Can anyone provide the exact IOS-XE and IOS-XR commands to create a RO > user? > > > Thanks, > > Hank > > > > _______________________________________________ > cisco-nsp mailing list [email protected] > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
