cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1360
Views
0
Helpful
5
Replies

LMS 4.x - device authorization not applied in topology services views?

hgans
Level 1
Level 1

Hi,

it seems that users with active device authorization - e.g. permitting only a certain user defined group - can anyway view all devices or views?

Is it possible to apply the same view rule from user management, so that these users can only view certain devices or topologies?

thanks

Regards,

Herwig

5 Replies 5

ppbenac
Level 1
Level 1

If I understand your question your question correctly.  No!!    User Roles in the device views cover what a role can do on all devices.  I.E the Netwrok Admin can do everything on every device known by CiscoView.

I do not clearly understand your answer, but I think you talk about something different...

Let me try again with a picture:

This user has only authorization for a certain subset of nodes defined in the group "NTS Wien".

Even tough this user is restricted to the "NTS Wien" device group, he can access topology views from other groups and also all other global views...

So no restriction in topology services - looks like a user has access to topology view in general or not. This can only be controlled by the group role policy, but the device authorization policy do not match for topology views.

I hope this put it straight what I want to point out...

I've not tried this myself.

I think the user's role will apply to the devices that he has rights on, and e will have a 'helpdesk' role for all other devices.

Can you confirm this is what you see too?

Cheers,

Michel

That check mark in the Network Operator is what is allowing NTS Wien to view everything in Ciscoview.   What I can't remember is if the Network Admin can uncheck that box and leave the device level authorization for NTS Wien intact?   Part of my brain is saying yes, but just a part.

you both are right, only that I am only focusing on Topology Services not Cisco View Peter.

Device authorization regulates if a user can even see devices in device groups (system and user defined) and the user role gives LMS tool privileges for all devices that can be selected in groups.

The issue I want to point out is, that this security concept does not work for Topology Services.

There a limited user can see all device information and views, regardless how the device authorization setting for this user is configured.

Cheers,

Herwig

p.s.: By the way, in Cisco View the device authorization concept works fine. A user can only open devices he has rights for...

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco