10-21-2009 09:09 AM
Goodday,
I would like to confirm if one can only assign a single user Admin access to a context via RBAC (either on ANM or ACE native RBAC through ACS). So is this true or not?
If so, would I be correct in assuming this excludes the default Admin user.
Also, what do you do if you need to provide Admin access to more that one user? Can it be done?
Thanks
Paul
10-21-2009 03:10 PM
Actually multiple users can assinged to the pre-defined ADMIN role in ACE RBAC such as the following:
myaceisnamedthis/Admin(config)# username Bob password weakpass role Admin domain default-domain
This is also true in ANM, where the user's RBAC is a cross product of the ANM defined role and domains (which is at the ANM level so that it can span multiple ACE devices and contexts).
In both cases, the AAA can be used for authentication, though authorization is performed by ACE/ANM themselves.
Cheers,
David K.
10-21-2009 09:45 PM
Thanks for your reply David.
I just wanted to confirm this, based on the statement in the "ACE Authentication to ACE" document which states "Each Context can have one user with a designated Role of "Admin"".
So we will be using the ACS to provide the RBAC for ACE Native RBAC and obviuosly for ANM this is done on the ANM server.
So, I suppose then the only concern is around RBAC for ACE Native RBAC via ACS based on the the statement above.
Thanks again.
Paul.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide