ACE and ANM RBAC - Single user with Admin access

Unanswered Question
Oct 21st, 2009

Goodday,

I would like to confirm if one can only assign a single user Admin access to a context via RBAC (either on ANM or ACE native RBAC through ACS). So is this true or not?

If so, would I be correct in assuming this excludes the default Admin user.

Also, what do you do if you need to provide Admin access to more that one user? Can it be done?

Thanks

Paul

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
dkirsch Wed, 10/21/2009 - 15:10

Actually multiple users can assinged to the pre-defined ADMIN role in ACE RBAC such as the following:

myaceisnamedthis/Admin(config)# username Bob password weakpass role Admin domain default-domain

This is also true in ANM, where the user's RBAC is a cross product of the ANM defined role and domains (which is at the ANM level so that it can span multiple ACE devices and contexts).

In both cases, the AAA can be used for authentication, though authorization is performed by ACE/ANM themselves.

Cheers,

David K.

Paul Pinto Wed, 10/21/2009 - 21:45

Thanks for your reply David.

I just wanted to confirm this, based on the statement in the "ACE Authentication to ACE" document which states "Each Context can have one user with a designated Role of "Admin"".

So we will be using the ACS to provide the RBAC for ACE Native RBAC and obviuosly for ANM this is done on the ANM server.

So, I suppose then the only concern is around RBAC for ACE Native RBAC via ACS based on the the statement above.

Thanks again.

Paul.

Actions

This Discussion