Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

ACE and ANM RBAC - Single user with Admin access

Goodday,

I would like to confirm if one can only assign a single user Admin access to a context via RBAC (either on ANM or ACE native RBAC through ACS). So is this true or not?

If so, would I be correct in assuming this excludes the default Admin user.

Also, what do you do if you need to provide Admin access to more that one user? Can it be done?

Thanks

Paul

2 REPLIES
New Member

Re: ACE and ANM RBAC - Single user with Admin access

Actually multiple users can assinged to the pre-defined ADMIN role in ACE RBAC such as the following:

myaceisnamedthis/Admin(config)# username Bob password weakpass role Admin domain default-domain

This is also true in ANM, where the user's RBAC is a cross product of the ANM defined role and domains (which is at the ANM level so that it can span multiple ACE devices and contexts).

In both cases, the AAA can be used for authentication, though authorization is performed by ACE/ANM themselves.

Cheers,

David K.

New Member

Re: ACE and ANM RBAC - Single user with Admin access

Thanks for your reply David.

I just wanted to confirm this, based on the statement in the "ACE Authentication to ACE" document which states "Each Context can have one user with a designated Role of "Admin"".

So we will be using the ACS to provide the RBAC for ACE Native RBAC and obviuosly for ANM this is done on the ANM server.

So, I suppose then the only concern is around RBAC for ACE Native RBAC via ACS based on the the statement above.

Thanks again.

Paul.

203
Views
0
Helpful
2
Replies
CreatePlease to create content