In the current environment, we have SNMP/TFTP setup for NCM capture. Due to the security constrains related to TFTP we are planning to move to SSH/SCP for NCM capture.
I have gone through CA documents and dint find any information detailing what level of privileges to be set for device user to capture Config. It is only in this Community I came across answers suggesting to provide RW access and setting privileges to 15.
While testing I provided RO access to the user. I was able to Capture partial config(around 20 odd lines from config). We providing privilege 15 access to the user temporarily for testing purpose and were able to capture the config completely.
My question is why RW access is required to capture the configs, why not RO access? Providing RW access is like providing root access to the devices and is a severe concern with respect to Security.
As I understand, we are just trying to read the config, so RO access should be sufficient. in earlier case we were able to get the capture but partial. Can someone clarify why RO access captures partial config and RW access capture the whole config?
Also please clarify how/why NCM capture is so dependent on using RW access only?
Thanks & Regards,