cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
193
Views
5
Helpful
10
Replies
Enthusiast

Cisco PI v2.2 Network Topology Maps

Good afternoon,

I have Cisco PI v2.2 installed on a VM and working fine.  I want to add my Network Topology Maps to the main dashboard for ALL users, but I can only see them when logged in as root.  How can I get a "standard" user to be able to view these topology maps?

Thanks,

John L.

10 REPLIES 10
Cisco Employee

Dashboards are unique to

Dashboards are unique to users. Each user need to set his Dashboard accordingly.

If multiple user's share a common username to login, they should be able to see the same topology map.

In case you want to allow the other users with different roles and groups, you can edit the group they belong to and add Network Topology Map to their permission.

You can see the groups and their permissions under :

Administration > Users, Roles & AAA

Roles who has access to Network Topology: The Network Topology menu will be available to users with below roles:

 

  • Admin
  • ConfigManagers
  • SystemMonitoring
  • SuperUsers
  • Root

-Thanks

Vinod

**Encourage Contributors. RATE Them**

 

 

-Thanks Vinod **Rating Encourages contributors, and its really free. **
Enthusiast

Vinod,Thank you for the reply

Vinod,

Thank you for the reply.  How do these accounts need to be setup in TACACS+

 

Thank you,

John L.

Hall of Fame Guru

TACACS+ only serves as an

TACACS+ only serves as an (optional) Authentication server for PI.

What you're talking about is Authorization. That is setup solely on the PI server itself for the users' roles.

Enthusiast

Marvin, Then what doesn't

Marvin,

 

Then what doesn't make sense to me is that the PI user is setup as a superuser, and another is setup as an admin, and then there is the 'built in' root user.

If I login as either the superuser or admin, and goto Maps from the top menu, "Topology" isn't a choice at all.  (see attachment).

If I login as root, and goto Maps from the top menu, "Topology" is the first choice. (see attachment)

My question is how do I get admin and/or superusers to be able to see the "Topology" choice in the menu?

Thanks in advance,

John L.

 

 

Enthusiast

All,I fixed this issue.  It

All,

I fixed this issue.  It IS a TACACS+ issue that needed to have specific shell profiles configured for Admin users.  The profile includes:

task65=Network Topology

I did a 'bulk edit' and replaced all the attributes from v2.1 and used v2.2 attributes, and re-logged into ACS, and now I have the "Topology" menu item.

Thanks,

John L.

Hall of Fame Guru

John,That's very interesting,

John,

That's very interesting, thanks for the update! I didn't realize it worked that way - I was relying on the (poorly) documented description.

After some digging in the PI 2.2 User Interface (Administration, Users Roles and AAA, User Groups and then Task List) I did find the list of 185 tasks for and Admin in TACACS+ (attached). Did you have to copy all of those into your TACACS server user group(s)?

Enthusiast

Marvin,Yes, 185 tasks had to

Marvin,

Yes, 185 tasks had to be added.  Fortunately, I was able to do a "bulk edit" and copy/paste into the list.  Oh, and I had to use Firefox to do this, as it didn't work while using Chrome (my default browser).  

I added the tasks, and submitted on ACS, and then on ACS, logged out and back in.  Now I have topology maps listed.

However, I just opened a ticket with TAC as the Network Topology dashlet is missing on my installation.  Strange, I know.  I tried logging in as root and admin user - nothing.  I also tried classic view - just in case - nothing.

It will be interesting to see what they say about this one ;-)

Thanks,

John L.

P.S. I 100% agree - poorly documented for v2.2

Beginner

I had the same issue when I

I had the same issue when I migrated from 2.1 to 2.2

Had to redo the task list associated to the shell profiles on the ACS server.

 

I think for Super user the task list increased from 147 to 185 tasks.

 

Highlighted
Enthusiast

Richard,I noticed that as

Richard,

I noticed that as well.  It increased for sure. 

John L.

Cisco Employee

With PI and new generation

With PI and new generation NMS application, we don't have TACACS+ authorization settings.

TACACS+ or MSAD only works for authentication, to provide centralised user access.

Authorisation and what level of access will be granted to the user is configured by local Role Based Access control (RBAC).

So if a user is configured on TACACS/AD they will be able to login on the Prime Infrastructure but will have Help Desk user privileges. To elevate their Access level/Role you need to configure the same account on PI with higher Role.

 -Thanks

Vinod

**Encourage Contributors. RATE Them**

-Thanks Vinod **Rating Encourages contributors, and its really free. **
CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards


This widget could not be displayed.