02-06-2015 02:41 PM
Good afternoon,
I have Cisco PI v2.2 installed on a VM and working fine. I want to add my Network Topology Maps to the main dashboard for ALL users, but I can only see them when logged in as root. How can I get a "standard" user to be able to view these topology maps?
Thanks,
John L.
02-08-2015 05:33 AM
Dashboards are unique to users. Each user need to set his Dashboard accordingly.
If multiple user's share a common username to login, they should be able to see the same topology map.
In case you want to allow the other users with different roles and groups, you can edit the group they belong to and add Network Topology Map to their permission.
You can see the groups and their permissions under :
Administration > Users, Roles & AAA
Roles who has access to Network Topology: The Network Topology menu will be available to users with below roles:
-Thanks
Vinod
**Encourage Contributors. RATE Them**
02-09-2015 08:11 AM
Vinod,
Thank you for the reply. How do these accounts need to be setup in TACACS+
Thank you,
John L.
02-09-2015 08:29 AM
TACACS+ only serves as an (optional) Authentication server for PI.
What you're talking about is Authorization. That is setup solely on the PI server itself for the users' roles.
02-09-2015 10:13 AM
Marvin,
Then what doesn't make sense to me is that the PI user is setup as a superuser, and another is setup as an admin, and then there is the 'built in' root user.
If I login as either the superuser or admin, and goto Maps from the top menu, "Topology" isn't a choice at all. (see attachment).
If I login as root, and goto Maps from the top menu, "Topology" is the first choice. (see attachment)
My question is how do I get admin and/or superusers to be able to see the "Topology" choice in the menu?
Thanks in advance,
John L.
02-09-2015 11:08 AM
All,
I fixed this issue. It IS a TACACS+ issue that needed to have specific shell profiles configured for Admin users. The profile includes:
task65=Network Topology
I did a 'bulk edit' and replaced all the attributes from v2.1 and used v2.2 attributes, and re-logged into ACS, and now I have the "Topology" menu item.
Thanks,
John L.
02-09-2015 01:41 PM
John,
That's very interesting, thanks for the update! I didn't realize it worked that way - I was relying on the (poorly) documented description.
After some digging in the PI 2.2 User Interface (Administration, Users Roles and AAA, User Groups and then Task List) I did find the list of 185 tasks for and Admin in TACACS+ (attached). Did you have to copy all of those into your TACACS server user group(s)?
02-09-2015 02:11 PM
Marvin,
Yes, 185 tasks had to be added. Fortunately, I was able to do a "bulk edit" and copy/paste into the list. Oh, and I had to use Firefox to do this, as it didn't work while using Chrome (my default browser).
I added the tasks, and submitted on ACS, and then on ACS, logged out and back in. Now I have topology maps listed.
However, I just opened a ticket with TAC as the Network Topology dashlet is missing on my installation. Strange, I know. I tried logging in as root and admin user - nothing. I also tried classic view - just in case - nothing.
It will be interesting to see what they say about this one ;-)
Thanks,
John L.
P.S. I 100% agree - poorly documented for v2.2
02-10-2015 10:28 AM
I had the same issue when I migrated from 2.1 to 2.2
Had to redo the task list associated to the shell profiles on the ACS server.
I think for Super user the task list increased from 147 to 185 tasks.
02-10-2015 10:38 AM
Richard,
I noticed that as well. It increased for sure.
John L.
02-09-2015 10:27 AM
With PI and new generation NMS application, we don't have TACACS+ authorization settings.
TACACS+ or MSAD only works for authentication, to provide centralised user access.
Authorisation and what level of access will be granted to the user is configured by local Role Based Access control (RBAC).
So if a user is configured on TACACS/AD they will be able to login on the Prime Infrastructure but will have Help Desk user privileges. To elevate their Access level/Role you need to configure the same account on PI with higher Role.
-Thanks
Vinod
**Encourage Contributors. RATE Them**
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide