Sorry for yet another question.
As I've discussed before we are implementing LMS 3.01 integrated with ACS 4.1.4 in a secure environment with strict security rules.
We've hit another security related issue.
Within ACS we've setup custom roles for LMS functions to provide a secure role based separation model (e.g. each roles has rights to perform their role and nothing more).
NetConfig and NetShow have the ability to assign tasks to others, which breaks this model.
e.g. someone with access to NetConfig can assign a task to someone who shouldn't be allowed to make changes on the network!
Hence within ACS we removed the rights:
RME, Config Management, NetConfig, NetConfig Assign Tasks
RME, Tools, Network Show Commands, Assign Netshow command Sets to Users
Disabling these seem to render both NetConfig and NetShow useless (no command sets to choose from, hence no ability to use the tool).
How do we deal with this? Are we doing something wrong?
Surely we don't have to give people the ability to assign rights to other people who shouldn't be allowed them to make the tools work?