cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

253
Views
0
Helpful
1
Replies
Highlighted
Beginner

Role Based access control vs Privilege Level

Hi all,

 

We are planned to Implement command restrictions for different users in our Cisco Routers, Switches and ASA. For testing purpose, we have already hardened one of our router using privilege level commands. Its working fine, but for that we have to take all the EXEC, Configuration mode commands from that router and segregated it based on user needs. Just now, we got some glance about RBAC which was different from privilege levels. So our Questions are,

 

What is the difference between Privilege level and RBAC?

Comparing RBAC with Privilege levels, which is best one with respect to security?

Is RBAC supported in Cisco ASA devices?

For RBAC also, we should take note of all the commands and segregate it?

In Configuration Point of view, which is better one?

 

Thanks in advance.

 

Regards,

Magesh Kumar G

Regards,
Magesh Kumar G
1 REPLY 1
VIP Mentor

Re: Role Based access control vs Privilege Level

Hello,

 

to partially answer your question, role based cli access is a lot more granular than privilege levels, that is, you can define specific commands you want your users to be able to execute, as opposed to privilege levels, which have a subset of commands that you cannot customize.

 

It is (obviously) a lot more tedious to set up role based access, but if you really want to control what your users are allowed and have access to, I would prefer that over privilege levels...

CreatePlease to create content
Content for Community-Ad