05-13-2012 12:27 PM
it seems that users with active device authorization - e.g. permitting only a certain user defined group - can anyway view all devices or views?
Is it possible to apply the same view rule from user management, so that these users can only view certain devices or topologies?
05-13-2012 03:55 PM
If I understand your question your question correctly. No!! User Roles in the device views cover what a role can do on all devices. I.E the Netwrok Admin can do everything on every device known by CiscoView.
05-15-2012 03:10 PM
I do not clearly understand your answer, but I think you talk about something different...
Let me try again with a picture:
This user has only authorization for a certain subset of nodes defined in the group "NTS Wien".
Even tough this user is restricted to the "NTS Wien" device group, he can access topology views from other groups and also all other global views...
So no restriction in topology services - looks like a user has access to topology view in general or not. This can only be controlled by the group role policy, but the device authorization policy do not match for topology views.
I hope this put it straight what I want to point out...
05-18-2012 12:50 PM
I've not tried this myself.
I think the user's role will apply to the devices that he has rights on, and e will have a 'helpdesk' role for all other devices.
Can you confirm this is what you see too?
05-18-2012 02:38 PM
That check mark in the Network Operator is what is allowing NTS Wien to view everything in Ciscoview. What I can't remember is if the Network Admin can uncheck that box and leave the device level authorization for NTS Wien intact? Part of my brain is saying yes, but just a part.
05-19-2012 03:16 AM
you both are right, only that I am only focusing on Topology Services not Cisco View Peter.
Device authorization regulates if a user can even see devices in device groups (system and user defined) and the user role gives LMS tool privileges for all devices that can be selected in groups.
The issue I want to point out is, that this security concept does not work for Topology Services.
There a limited user can see all device information and views, regardless how the device authorization setting for this user is configured.
p.s.: By the way, in Cisco View the device authorization concept works fine. A user can only open devices he has rights for...
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: