UCSD authorization model

Michal Rzepecki
Level 1

Hello

I would like to authorize different users to access different "IT projects" inside UCSD. Some users should be authorized to participate in more than one "IT project". Every "IT project" should have its own resource limits and its own offering defined. What UCSD configuration tools should I use to achieve the described authorization model?

All users will be synchronized from Active Directory, but after a user is synchronized we can use any configuration tool that UCSD has built in. We can change groups, roles and use other UCSD configurations.

Can somebody advise how I can achieve the team collaboration model shown on the attached drawing? Is it possible?

Most important is: "IT projects" have resources and offerings; users can participate in one or more "IT projects".

Accepted Solutions

Michal Rzepecki
Level 1

I found that the only way to have a separate set of resource limits and offerings is to have a separate user group for every set.

I also found that every user can belong to only one group.

...but every user can also have many access profiles. If an AD user belongs to many security groups, after the user is synchronized to UCSD, one access profile is created for every group automatically during synchronization. This gives the possibility to use an access profile during user logon, and after logon the user will be part of the appropriate group corresponding to the access profile that was used.

Unfortunately this works only for AD groups which the user belongs to during synchronization. We can't add an access profile using a local group created in UCSD. We also can't add an access profile using an AD synchronized group that the user doesn't belong to.

In the case of a local user it is also impossible to make access profiles with different groups. A user can belong to only one group and only this group can be used in different access profiles, so access profiles in this case can differ in user role.

It seems it is possible to do what I want, but only by preparing and maintaining the access model inside Active Directory. I can't find a way to do this using UCSD only. Does anyone know another way to achieve that?
