04-22-2009 10:13 AM
LMS 3.1 with Ciscoworks common services 3.2.0
A network analyst from another group would like to use our ciscoworks application to perform configuration tasks on his switches. Is there any way to give an ID full administration access to the application, but only for a determined set of devices??? For obvious reasons, we don't want to give this ID the ability to have control over our devices. For what I can see, the roles are predefined and cannot be modified in any way and new roles cannot be added. Has anyone done something like this???
Thanks for any suggestions.
04-22-2009 10:41 AM
This is possible, but you must have LMS integrated with CiscoSecure ACS to do it. With ACS integration, you can create a Network Device Group which only contains the devices this user can manage. Then, you can give that user full admin access to devices in that group.
04-22-2009 02:48 PM
Thanks for the reply.
Is it possible to accomplish something similar for non ACS authentication systems? We use Radius. Is it possible to pass attributes from the Radius server to ciscoworks?
Thanks.
04-22-2009 03:45 PM
No, this is not possible unless you are integrated with an ACS server.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: