topic Re: Admin roles and Detailed Log View (spyglass) in General Topics

Admin roles and Detailed Log View (spyglass)

pasmartin — Mon, 17 Jun 2019 11:29:26 GMT

Hello Community!

I'm trying to create an admin role that gives a user access to the Monitoring functionality.
But with full access to Monitoring only, they are not able to open the details for each log entry - Detailed Log View.

I've granted Privacy access too, but that didn't help.

Anyone know what specific access is needed to be able to click on the spyglass for all log entries?

Thanks!

Re: Admin roles and Detailed Log View (spyglass)

BPry — Tue, 18 Jun 2019 02:56:48 GMT

@pasmartin,

The only access you need to grant for detailed log entry within the logs is enabling access to the logs you wish the user to access, if you turn everything else off the account still has access to detailed log view. The XML would look like the following for the admin-role:

      <entry name="test">
        <role>
          <device>
            <webui>
              <monitor>
                <logs>
                  <traffic>enable</traffic>
                  <threat>enable</threat>
                </logs>
              </monitor>
            </webui>
            <xmlapi/>
          </device>
        </role>
      </entry>

Re: Admin roles and Detailed Log View (spyglass)

pasmartin — Tue, 18 Jun 2019 08:54:11 GMT

webui {
974	
                         webui {
973	
                             monitor {
975	
                             monitor {
974	
                                 logs {
976	
                                 logs {
975	
                                     traffic enable;
977	
                                     traffic enable;
976	
                                     threat enable;

This is what I have for the admin role when doing a config audit. Am I missing something here?
The user is not able to get the detailed logs.

This is what devconsole is outputting when clicking a spyglass:

Re: Admin roles and Detailed Log View (spyglass)

Ingimundur — Fri, 28 Aug 2020 15:33:06 GMT

I had the exact same issue. After trial and error for a couple of hours (and double digits of commits), the solution was enabling Read-Only on Device->Setup->Content-ID (everything else under Setup is still disabled). I don't see the logic in this, but it works 🙂