This is currently expected behaviour. We have an RFE open (51424) to permit this but I cannot confirm when or if that may make it into a future release.

I've reproduced the behaviour on 6.1.2a. Which version are you using? A quick search internally hasn't revealed any existing bugs reported around this area so I filed a new one to verify if this is expected behaviour for any reason. I'm afraid I can't offer a suitable workaround for this, other than using RADIUS/TACACS which I know does work when a user is mapped to the admin role.

I'm afraid they don't want to use RADIUS although our Windows guys offered them to setup a Radius server on Windows 2008 which is their prefered OS.

Felix

Do they definitely not want a centralised RADIUS/TACACS based authentication solution? That would be simpler. You can then map multiple users/groups to the admin role.

Thought so, too. I configured a rbm user with read/write permission but that user cannot view the current config:

Insufficient permissions for command execution.



Although the user is allowed to activate another config. I can reproduce that on SH 6.5.1a and CMC 6.5.0. Our goal is to have multiple admin users with different names.

Felix

Sure. Go to Configure › Security › User Permissions. Then add a new user in Role Based Accounts and 'Select all' for read/write. Do you just want to be able to view the current config or fully administer the appliance?