Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACS and CiscoWorks 2000: Assigning User Roles.

I've modified the login module of Ciscoworks to leverage Tacacs+ authentication through my CiscoSecure server, but I haven't been able to map particular CiscoSecure user roles to Ciscoworks user roles. I can specifically create an account within Ciscoworks with the same name and assign that user a Ciscoworks role, but that prevents me from leveraging the groups used in cisco secure. I'd like to be able to create a new command authorization set and attach it to an existing CiscoSecure group. This process is referred to in multiple documents, but I can't the actual "how to" anywhere.

New Member

Re: ACS and CiscoWorks 2000: Assigning User Roles.

We notice the same problem here too!

We have network admin access managed by ACS. I tried to enable the TACACS+ module of Ciscowork but I only have help desk privilege.

Is that a limitation of Ciscowork or a config I am missing?

The workaround is the same as you. I need to create all network admin in Ciscowork locally.

Have you find another way?


New Member

Re: ACS and CiscoWorks 2000: Assigning User Roles.

No other approach found. We are implementing it with the locally mapped piece.

New Member

Re: ACS and CiscoWorks 2000: Assigning User Roles.

This is the ONLY way =

Look at what can be found in the ONLINE HELP of

CiscoWorks LMS when seraching at "login module" =

The CiscoWorks Server provides the mechanism used to authenticate users for CiscoWorks applications. However, many network managers already have a means of authenticating users. To use your current authentication database for CiscoWorks authentication, you can select a login module (NT, UNIX, TACACS+, Radius, and others).

After you select and configure a login module, all authentication transactions are performed by that source. The CiscoWorks Server still determines user roles; therefore, all users must be in the local database of user IDs and passwords. Users who are authenticated by an alternative service and who are not in the local database are assigned to the same role as the guest user (by default, the Help Desk role). To assign a user to a different role, such as the System Admin role, you must configure the user locally. Such users must have the same user ID locally as they have in the alternative authentication source. Users log in with the user ID and password associated with the current login module.

New Member

Re: ACS and CiscoWorks 2000: Assigning User Roles.

Is there anyway to adjust the default role such that it maps to a different type of Ciscoworks role (e.g. System Admin)?

CreatePlease login to create content