Friday, July 30, 2021

How to enable level 1-2 desktop team members to make minor network changes without giving them too much access?

It's a reasonable request, desktop team wants to be able to make minor changes like changing vlan assignment on a physical port. However, I don't want them to be able to create vlans, or layer3 interfaces, or change assigned vlans on trunks. I certainly do not want them touching routing or spanning tree protections in place. How has other folks worked with this? We do have DNA in place, RADIUS 2FA Duo in place. I do not mind standing up an open source thing on a linux box if such a thing exists.. any thoughts?



No comments:

Post a Comment