Create MaaS RBAC for Cisco NX-OS switch

to allow MaaS service to deploy the BareMetal Server and put it to appropriate private vlan, MaaS service need to login to cisco TOR switch and execute some codes. to reduce humane error and security?risk we create a stand alone user for MaaS service on each TOR switch.

username is : maas-sw. and create a specific Role for this user

Step11: create RBAC Role

Role name MaaS

vlan policy deny

permit vlan?500-510

rule?20?permit read-write feature vlan

interface?policy deny

permit?interface?ethernet?1/1-10

rule?30?permit read-write feature?interface

rule?40?permit command show*        

this rule will allow maas-sw user to work only with vlan 500-501 and do it's related task like create,delete, private-vlan,.....

vlan configuration can be apply only to interface eth1/1-10 and maas-sw user can not modify any other interface.

optional: for debug i all show command via rule 40.

step-2: create a user for MaaS service and assign it to MaaS role.

Username maas-sw role MaaS password ******