06-05-2008 07:10 AM
Hi,
We have integrated LMS 3.01 with Cisco Secure ACS 4.1.
We want to stop users deleting jobs so that we can maintain job history (see post in AAA forum as to why).
Within ACS Shared Profile Components with have removed:
Inventory - Delete Job
CDA - Delete Job
Config Editor - Delete Job
Software Management Jobs - Delete
This works fine (delete button greyed out) if the user browses to the specific Job Management screen, e.g.
RME > Config Management > Config Editor > Config Editor Jobs
However if we allow the user the "RME Jobs" right within ACS they can still delete jobs from:
RME > Job Management
Is this a bug? Why should you be allowed to delete jobs from RME Job management if you don't have the permissions to delete jobs within the individual components?
Thanks
Michael
Solved! Go to Solution.
06-05-2008 08:48 AM
RME Jobs is a separate task designed for uber administrators. When it is authorized, it doesn't check the underlying job type delete task. It just assumes that if you have access to this interface, you are a full administrator. Do not grant access to this interface to those that should not be deleting jobs.
06-05-2008 08:48 AM
RME Jobs is a separate task designed for uber administrators. When it is authorized, it doesn't check the underlying job type delete task. It just assumes that if you have access to this interface, you are a full administrator. Do not grant access to this interface to those that should not be deleting jobs.
06-05-2008 11:20 AM
Thanks - will do.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: