Hi all.

I am deskilled having not worked on VIO for over a decade, so I need help from the community please.

I am trying to give a user the minimum privs to be able to monitor the VIO server.

I need to give them access to the lsmap and the lsnports command from the ios cli command set.

VIOS 4.1.1.10

AIX 7300-03-01-2520

According to this page:

Using role-based access control with the Virtual I/O Server

I need to give these authorizations to the user:

vios.device.manage.list

vios.device.manage.map.phyvir 

So I created a role:

mkrole authorizations='vios.device.manage.list,vios.device.manage.map.phyvirt' dfltmsg='Monitoring role for VIOS' monrole

and added the role to the user:

chuser roles='monrole' monuser

I still get

"Access to run the command is not valid"

This is for a customer who has no VIOS support and needs to call in a consultant everytime they want something doing so I have no access to the VIO server myself.

Thanks in advance for any and all advice.

I think I just realised.... need to run the setkst command...

Hi all.

I am deskilled having not worked on VIO for over a decade, so I need help from the community please.

I am trying to give a user the minimum privs to be able to monitor the VIO server.

I need to give them access to the lsmap and the lsnports command from the ios cli command set.

VIOS 4.1.1.10

AIX 7300-03-01-2520

According to this page:

Using role-based access control with the Virtual I/O Server

I need to give these authorizations to the user:

vios.device.manage.list

vios.device.manage.map.phyvir 

So I created a role:

mkrole authorizations='vios.device.manage.list,vios.device.manage.map.phyvirt' dfltmsg='Monitoring role for VIOS' monrole

and added the role to the user:

chuser roles='monrole' monuser

I still get

"Access to run the command is not valid"

This is for a customer who has no VIOS support and needs to call in a consultant everytime they want something doing so I have no access to the VIO server myself.

Thanks in advance for any and all advice.

So setkst ran and I saw the auth updates to the kernel,, but no change - my user cannot run the command still... any ideas?

I think I just realised.... need to run the setkst command...

Hi all.

I am deskilled having not worked on VIO for over a decade, so I need help from the community please.

I am trying to give a user the minimum privs to be able to monitor the VIO server.

I need to give them access to the lsmap and the lsnports command from the ios cli command set.

VIOS 4.1.1.10

AIX 7300-03-01-2520

According to this page:

Using role-based access control with the Virtual I/O Server

I need to give these authorizations to the user:

vios.device.manage.list

vios.device.manage.map.phyvir 

So I created a role:

mkrole authorizations='vios.device.manage.list,vios.device.manage.map.phyvirt' dfltmsg='Monitoring role for VIOS' monrole

and added the role to the user:

chuser roles='monrole' monuser

I still get

"Access to run the command is not valid"

This is for a customer who has no VIOS support and needs to call in a consultant everytime they want something doing so I have no access to the VIO server myself.

Thanks in advance for any and all advice.

Did you try the "ViewOnly' role provided by IBM?

If it's working, I'd start with cloning it then deleting unnecessary authorizations.

So setkst ran and I saw the auth updates to the kernel,, but no change - my user cannot run the command still... any ideas?

I think I just realised.... need to run the setkst command...

Hi all.

I am deskilled having not worked on VIO for over a decade, so I need help from the community please.

I am trying to give a user the minimum privs to be able to monitor the VIO server.

I need to give them access to the lsmap and the lsnports command from the ios cli command set.

VIOS 4.1.1.10

AIX 7300-03-01-2520

According to this page:

Using role-based access control with the Virtual I/O Server

I need to give these authorizations to the user:

vios.device.manage.list

vios.device.manage.map.phyvir 

So I created a role:

mkrole authorizations='vios.device.manage.list,vios.device.manage.map.phyvirt' dfltmsg='Monitoring role for VIOS' monrole

and added the role to the user:

chuser roles='monrole' monuser

I still get

"Access to run the command is not valid"

This is for a customer who has no VIOS support and needs to call in a consultant everytime they want something doing so I have no access to the VIO server myself.

Thanks in advance for any and all advice.

Did you try the "ViewOnly' role provided by IBM?

If it's working, I'd start with cloning it then deleting unnecessary authorizations.

So setkst ran and I saw the auth updates to the kernel,, but no change - my user cannot run the command still... any ideas?

I think I just realised.... need to run the setkst command...

Hi all.

I am deskilled having not worked on VIO for over a decade, so I need help from the community please.

I am trying to give a user the minimum privs to be able to monitor the VIO server.

I need to give them access to the lsmap and the lsnports command from the ios cli command set.

VIOS 4.1.1.10

AIX 7300-03-01-2520

According to this page:

Using role-based access control with the Virtual I/O Server

I need to give these authorizations to the user:

vios.device.manage.list

vios.device.manage.map.phyvir 

So I created a role:

mkrole authorizations='vios.device.manage.list,vios.device.manage.map.phyvirt' dfltmsg='Monitoring role for VIOS' monrole

and added the role to the user:

chuser roles='monrole' monuser

I still get

"Access to run the command is not valid"

This is for a customer who has no VIOS support and needs to call in a consultant everytime they want something doing so I have no access to the VIO server myself.

Thanks in advance for any and all advice.

Thank you for the idea.  I think I've cracked it - will report back once I have completed my testing.

Did you try the "ViewOnly' role provided by IBM?

If it's working, I'd start with cloning it then deleting unnecessary authorizations.

So setkst ran and I saw the auth updates to the kernel,, but no change - my user cannot run the command still... any ideas?

I think I just realised.... need to run the setkst command...

Hi all.

I am deskilled having not worked on VIO for over a decade, so I need help from the community please.

I am trying to give a user the minimum privs to be able to monitor the VIO server.

I need to give them access to the lsmap and the lsnports command from the ios cli command set.

VIOS 4.1.1.10

AIX 7300-03-01-2520

According to this page:

Using role-based access control with the Virtual I/O Server

I need to give these authorizations to the user:

vios.device.manage.list

vios.device.manage.map.phyvir 

So I created a role:

mkrole authorizations='vios.device.manage.list,vios.device.manage.map.phyvirt' dfltmsg='Monitoring role for VIOS' monrole

and added the role to the user:

chuser roles='monrole' monuser

I still get

"Access to run the command is not valid"

This is for a customer who has no VIOS support and needs to call in a consultant everytime they want something doing so I have no access to the VIO server myself.

Thanks in advance for any and all advice.

Hi all.

I am deskilled having not worked on VIO for over a decade, so I need help from the community please.

I am trying to give a user the minimum privs to be able to monitor the VIO server.

I need to give them access to the lsmap and the lsnports command from the ios cli command set.

VIOS 4.1.1.10

AIX 7300-03-01-2520

According to this page:

Using role-based access control with the Virtual I/O Server

I need to give these authorizations to the user:

vios.device.manage.list

vios.device.manage.map.phyvir 

So I created a role:

mkrole authorizations='vios.device.manage.list,vios.device.manage.map.phyvirt' dfltmsg='Monitoring role for VIOS' monrole

and added the role to the user:

chuser roles='monrole' monuser

I still get

"Access to run the command is not valid"

This is for a customer who has no VIOS support and needs to call in a consultant everytime they want something doing so I have no access to the VIO server myself.

Thanks in advance for any and all advice.

Hi all.

I am deskilled having not worked on VIO for over a decade, so I need help from the community please.

I am trying to give a user the minimum privs to be able to monitor the VIO server.

I need to give them access to the lsmap and the lsnports command from the ios cli command set.

VIOS 4.1.1.10

AIX 7300-03-01-2520

According to this page:

Using role-based access control with the Virtual I/O Server

I need to give these authorizations to the user:

vios.device.manage.list

vios.device.manage.map.phyvir 

So I created a role:

mkrole authorizations='vios.device.manage.list,vios.device.manage.map.phyvirt' dfltmsg='Monitoring role for VIOS' monrole

and added the role to the user:

chuser roles='monrole' monuser

I still get

"Access to run the command is not valid"

This is for a customer who has no VIOS support and needs to call in a consultant everytime they want something doing so I have no access to the VIO server myself.

Thanks in advance for any and all advice.