Is it possible to assign some device roles on some user when using integrated authentication (non-acs).
I explain, we want to allow some users (or group of users) to be able to deploy netconfig jobs only on some devices (or device groups).
So we first try to assign netconfig job to users, but it is only possible to do this for one user at the same time (which can be long when we have many users) and we cannot limit the netconfig job to some device groups.
Is there a way to do this with this mechanism or is this another way to do it ?
You can choose to assign any number of role and device group combinations for a selected user or user group to operate on Network Device Groups.
You should note the following to assign roles on a NDG basis:
• If you have assigned a Network Device Group to your AAA client (CiscoWorks Server and network devices), you must assign that device group to a role.
You cannot have role and device group combinations assigned to a user without assigning the Network Device Group to your AAA client.
• You can assign only one role to a user, to operate on an NDG.
• If a user requires privileges other than those associated with the current role, to operate on an NDG, a custom role should be created. All necessary privileges to enable the user to operate on the NDG should be given to this role.
For example, if a user needs to have Approver and Network Operator privileges to operate on NDG1, you can create a new custom role with Network Operator and Approver privileges, and assign the role to the user to operate on NDG1.
• You cannot assign roles to the DEFAULT device group. When the DEFAULT (unassigned device group) is selected, you can perform only the Help Desk role, irrespective of the roles chosen.
To assign the proper role, the network access server (NAS) should be added to device groups other than DEFAULT.
Do you use Cisco DNA Center? Have you used and are you willing to provide your feedback in using the Cisco DNA Center help and documentation?
If so, we’d like you to complete the survey linked below. Your feedback will help provide more effective and easi...
Listen: https://smarturl.it/CCRS9E18Follow us: https://twitter.com/CiscoChampion Reaching the height of your career is no simple feat. It often requires a combination of pursuing the right education, building the right professional network and being ...
In a typical production SD-WAN deployment, we would probably have many remote sites connected via many different Internet connections to a centralized data center or a regional hub. In most regions in the world, Internet providers will always use some typ...