06-18-2008 12:26 PM
Sorry for yet another question.
As I've discussed before we are implementing LMS 3.01 integrated with ACS 4.1.4 in a secure environment with strict security rules.
We've hit another security related issue.
Within ACS we've setup custom roles for LMS functions to provide a secure role based separation model (e.g. each roles has rights to perform their role and nothing more).
NetConfig and NetShow have the ability to assign tasks to others, which breaks this model.
e.g. someone with access to NetConfig can assign a task to someone who shouldn't be allowed to make changes on the network!
Hence within ACS we removed the rights:
RME, Config Management, NetConfig, NetConfig Assign Tasks
RME, Tools, Network Show Commands, Assign Netshow command Sets to Users
Disabling these seem to render both NetConfig and NetShow useless (no command sets to choose from, hence no ability to use the tool).
How do we deal with this? Are we doing something wrong?
Surely we don't have to give people the ability to assign rights to other people who shouldn't be allowed them to make the tools work?
Thanks
Michael
Solved! Go to Solution.
07-03-2008 11:38 AM
Sorry, this has to be done in LMS as these Netconfig templates are only known to LMS.
06-18-2008 07:50 PM
The ability to assign tasks to users is typically reserved for administrators. It is not required to be able to use the application. If you have assigned your users the tasks Netconfig Jobs, Netconfig Create Jobs, and Netconfig User Defined Tasks, those users should be able to see tasks and create jobs in Netconfig. Please post a screenshot showing what roles you've assigned, and what you're seeing (or not seeing) in RME.
07-03-2008 07:01 AM
07-03-2008 10:56 AM
Okay, I understand now. What you need to do as an administrator is assign the tasks each user will need under RME > Config Mgmt > Netconfig > Assigning Tasks. Once you do that, they will be able to see their assigned tasks without needing the Assign Tasks privilege.
07-03-2008 11:06 AM
Ahh that makes more sense.
Is there any way of doing this in ACS?
Currently all permissions are assigned to user groups ACS (potentially 100+ users) so would rather not have to manually assign rights within LMS for each user as staff turnover in NMC/Service Desk teams is high!
07-03-2008 11:38 AM
Sorry, this has to be done in LMS as these Netconfig templates are only known to LMS.
07-03-2008 11:44 AM
Shame - maybe a suggestion to product development to integrate these things to ACS as per command authorisation sets - would make large enterprise management much easier!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: