Orb agent - Cisco device privileges

[JessePeden]

I'm trying to limit access to the account the Orb agent is configured to use for scanning Cisco devices, to effectively have read-only access (I don't want the account to have privilege 15 access, and privilege 0 is too little). I'm aware that I can create custom privilege levels and parser views to limit access to various commands, but the problem I'm having is that I don't know which commands the Orb agent runs in order to ingest data from the devices, so I don't know which commands to include/exclude in the restriction(s). Can anyone here chime in to answer that question?

Assuming that the agent needs only to to be able to view the running-config, if there's a way to have the agent issue the command show running-config view full rather than show running-config, that would solve the problem I'm facing since that allows for viewing the full configuration output while still restricting the user(s) to whatever custom privilege level or parser view is defined for them to prevent "write" access.

[cruse1977]

It will run napalm functions including get_facts(), get_interfaces(), get_interfaces_ip() - hence for individual commands, you'd need to look at the napalm driver - eg for ios - https://github.com/napalm-automation/napalm/blob/develop/napalm/ios/ios.py

[JessePeden]

Thank you.