Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
709
Views
0
Helpful
2
Replies

CiscoWorks LMS 3.2 user role per device

fabien.giraud
Level 1
Level 1

‎10-14-2010 02:13 AM

Hi,

Is it possible to assign some device roles on some user when using integrated authentication (non-acs).

I explain, we want to allow some users (or group of users) to be able to deploy netconfig jobs only on some devices (or device groups).

So we first try to assign netconfig job to users, but it is only possible to do this for one user at the same time (which can be long when we have many users) and we cannot limit the netconfig job to some device groups.

Is there a way to do this with this mechanism or is this another way to do it ?

Many thanks,

Fabien GIRAUD

Labels:
0 Helpful
2 Replies 2

Nael Mohammad
Level 5
Level 5

‎10-14-2010 10:41 PM

Not without ACS in LMS 3.2 but in LMS 4.0 you can use the Network Device Group option.

http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.0/user/guide/admin/security.html#wp1113737

Assigning Roles on NDG Basis

You can choose to assign any number of role and device group  combinations for a selected user or user group to operate on Network  Device Groups.

You should note the following to assign roles on a NDG basis:

• If  you have assigned a Network Device Group to your AAA client (CiscoWorks  Server and network devices), you must assign that device group to a  role.

You cannot have role and device group combinations assigned to a user  without assigning the Network Device Group to your AAA client.

• You can assign only one role to a user, to operate on an NDG.

• If  a user requires privileges other than those associated with the current  role, to operate on an NDG, a custom role should be created. All  necessary privileges to enable the user to operate on the NDG should be  given to this role.

For example, if a user needs to have Approver and Network Operator  privileges to operate on NDG1, you can create a new custom role with  Network Operator and Approver privileges, and assign the role to the  user to operate on NDG1.

• You cannot assign roles to the DEFAULT device group. When the DEFAULT (unassigned device group) is selected, you can perform only the Help Desk role, irrespective of the roles chosen.

To assign the proper role, the network access server (NAS) should be added to device groups other than DEFAULT.

0 Helpful

fabien.giraud
Level 1
Level 1
In response to Nael Mohammad

‎10-15-2010 12:16 AM

Hi,

That's what I was afraid of. We don't have any AAA authentication.

So as you say in your answer, it will not be possible.

Thanks for your reply,

Fabien GIRAUD

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents