LMS3.1 User access privileges

Unanswered Question
Apr 22nd, 2009

LMS 3.1 with Ciscoworks common services 3.2.0

A network analyst from another group would like to use our ciscoworks application to perform configuration tasks on his switches. Is there any way to give an ID full administration access to the application, but only for a determined set of devices??? For obvious reasons, we don't want to give this ID the ability to have control over our devices. For what I can see, the roles are predefined and cannot be modified in any way and new roles cannot be added. Has anyone done something like this???

Thanks for any suggestions.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Joe Clarke Wed, 04/22/2009 - 10:41

This is possible, but you must have LMS integrated with CiscoSecure ACS to do it. With ACS integration, you can create a Network Device Group which only contains the devices this user can manage. Then, you can give that user full admin access to devices in that group.

jjiles Wed, 04/22/2009 - 14:48

Thanks for the reply.

Is it possible to accomplish something similar for non ACS authentication systems? We use Radius. Is it possible to pass attributes from the Radius server to ciscoworks?


Joe Clarke Wed, 04/22/2009 - 15:45

No, this is not possible unless you are integrated with an ACS server.


This Discussion