why do tft export and scp export require write access to the device?
They are not available on readonly users.
What version are you running?
Readonly users should be able to export. There is a known bug with 4.0 that should be fixed in 4.0.8
we currently have 4.0.5 installed.
The PAN-OS_4.1_CLI_Reference_Guide.pdf shows under the tftp export command:
"Required Privilege Levelsuperuser, vsysadmin, deviceadmin"
I will report back after patching the systems to 4.1
we are currently installing a new cluster and updated that to 4.1.1 which still has that limitation.
We didn't try 4.0.8 on the older cluster as we would like to get on 4.1.* working with the improved web ui.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!