
LMS RME Jobs & ACS - Rights Escalation

Hi,

We have integrated LMS 3.01 with Cisco Secure ACS 4.1.

We want to stop users deleting jobs so that we can maintain job history (see post in AAA forum as to why).

Within ACS Shared Profile Components we have removed:

Inventory - Delete Job

CDA - Delete Job

Config Editor - Delete Job

Software Management Jobs - Delete

This works fine (delete button greyed out) if the user browses to the specific Job Management screen, e.g.

RME > Config Management > Config Editor > Config Editor Jobs

However if we allow the user the "RME Jobs" right within ACS they can still delete jobs from:

RME > Job Management

Is this a bug? Why should you be allowed to delete jobs from RME Job management if you don't have the permissions to delete jobs within the individual components?

Thanks

Michael

Accepted Solutions
Hall of Fame Cisco Employee

RME Jobs is a separate task designed for uber administrators. When it is authorized, it doesn't check the underlying job type delete task. It just assumes that if you have access to this interface, you are a full administrator. Do not grant access to this interface to those that should not be deleting jobs.



Thanks - will do.
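
The behaviour described in the accepted answer, as an added example that is not part of the original thread and is not Cisco's code: a small model of the two authorization paths plus an audit that lists roles whose removed per-component delete tasks are undone by holding "RME Jobs". The task names come from the thread; the role names and the role-to-task mapping are constructed sample data and do not represent an ACS export format.

```python
# Task names are taken from the thread; roles and their task sets are
# constructed sample data, not an ACS export format.
COMPONENT_DELETE_TASKS = {
    "Inventory": "Inventory - Delete Job",
    "CDA": "CDA - Delete Job",
    "Config Editor": "Config Editor - Delete Job",
    "Software Management": "Software Management Jobs - Delete",
}
RME_JOBS = "RME Jobs"


def can_delete(tasks, job_type, screen):
    """Model of the behaviour described in the answer.

    screen is "component" (the per-component job screen) or
    "rme_jobs" (RME > Job Management).
    """
    if screen == "rme_jobs":
        # Authorizing RME Jobs does not consult the per-type delete task.
        return RME_JOBS in tasks
    return COMPONENT_DELETE_TASKS[job_type] in tasks


def audit(roles):
    """Return {role: [job types deletable only through RME Job Management]}."""
    findings = {}
    for role, tasks in roles.items():
        bypass = sorted(
            jt for jt in COMPONENT_DELETE_TASKS
            if can_delete(tasks, jt, "rme_jobs")
            and not can_delete(tasks, jt, "component")
        )
        if bypass:
            findings[role] = bypass
    return findings


SAMPLE_ROLES = {  # constructed
    "operator": {"RME Jobs"},
    "viewer": set(),
    "job-admin": {"RME Jobs", *COMPONENT_DELETE_TASKS.values()},
    "partial": {"RME Jobs", "CDA - Delete Job", "Inventory - Delete Job"},
}

if __name__ == "__main__":
    for role, types in audit(SAMPLE_ROLES).items():
        print(f"{role}: delete still possible via RME > Job Management "
              f"for {', '.join(types)}")
```

Any role the audit reports should lose "RME Jobs" if its users are not meant to delete jobs, as the answer recommends.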
