Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
434
Views
0
Helpful
2
Replies

ACE and ANM RBAC - Single user with Admin access

Paul Pinto
Level 1
Level 1

‎10-21-2009 09:09 AM

Goodday,

I would like to confirm if one can only assign a single user Admin access to a context via RBAC (either on ANM or ACE native RBAC through ACS). So is this true or not?

If so, would I be correct in assuming this excludes the default Admin user.

Also, what do you do if you need to provide Admin access to more that one user? Can it be done?

Thanks

Paul

Labels:
0 Helpful
2 Replies 2

dkirsch
Level 1
Level 1

‎10-21-2009 03:10 PM

Actually multiple users can assinged to the pre-defined ADMIN role in ACE RBAC such as the following:

myaceisnamedthis/Admin(config)# username Bob password weakpass role Admin domain default-domain

This is also true in ANM, where the user's RBAC is a cross product of the ANM defined role and domains (which is at the ANM level so that it can span multiple ACE devices and contexts).

In both cases, the AAA can be used for authentication, though authorization is performed by ACE/ANM themselves.

Cheers,

David K.

0 Helpful

Paul Pinto
Level 1
Level 1
In response to dkirsch

‎10-21-2009 09:45 PM

Thanks for your reply David.

I just wanted to confirm this, based on the statement in the "ACE Authentication to ACE" document which states "Each Context can have one user with a designated Role of "Admin"".

So we will be using the ACS to provide the RBAC for ACE Native RBAC and obviuosly for ANM this is done on the ANM server.

So, I suppose then the only concern is around RBAC for ACE Native RBAC via ACS based on the the statement above.

Thanks again.

Paul.

0 Helpful
Customers Also Viewed These Support Documents