#Cisco switch credentials

The harvest web site recommends using a least-priv or read-only account for harvest access to switches, using the role "network-operator". Does this also restrict access to only http? We'd like to prevent this account from having access via ssh. If not, how could we disable ssh access seperately?