Unsupported content This version of the documentation is no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.

How to deny NSH access

In the past, removing a role's ability to use Network Shell involved a complex process of creating an empty role and assigning the default Network Shell role for that role as the empty role, along with removing the NSH Here custom command.

A much simpler process is now available for removing NSH access from a role.

To remove NSH access from a role

  1. Ensure you have a NSH Proxy server configured in your environment. 
     For more info, see Setting-up-a-Network-Shell-proxy-server
     Without an NSH Proxy enabled, this system will not work, as the NSH Proxy can only control the connections that go through it.
  2. Update RBAC authorizations in the relevant role, and then save the role.
    • To deny NSH access, remove the NSHProxy.Connect authorization.
    • To allow NSH access, add the NSHProxy.Connect authorization.

worddavd03b21bcff4e1fad15ebe2bf585e05ef.png

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*