cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2080
Views
0
Helpful
2
Replies

LMS RME Jobs & ACS - Rights Escalation

Mike Bailey
Level 1
Level 1

Hi,

We have integrated LMS 3.01 with Cisco Secure ACS 4.1.

We want to stop users deleting jobs so that we can maintain job history (see post in AAA forum as to why).

Within ACS Shared Profile Components with have removed:

Inventory - Delete Job

CDA - Delete Job

Config Editor - Delete Job

Software Management Jobs - Delete

This works fine (delete button greyed out) if the user browses to the specific Job Management screen, e.g.

RME > Config Management > Config Editor > Config Editor Jobs

However if we allow the user the "RME Jobs" right within ACS they can still delete jobs from:

RME > Job Management

Is this a bug? Why should you be allowed to delete jobs from RME Job management if you don't have the permissions to delete jobs within the individual components?

Thanks

Michael

1 Accepted Solution

Accepted Solutions

Joe Clarke
Cisco Employee
Cisco Employee

RME Jobs is a separate task designed for uber administrators. When it is authorized, it doesn't check the underlying job type delete task. It just assumes that if you have access to this interface, you are a full administrator. Do not grant access to this interface to those that should not be deleting jobs.

View solution in original post

2 Replies 2

Joe Clarke
Cisco Employee
Cisco Employee

RME Jobs is a separate task designed for uber administrators. When it is authorized, it doesn't check the underlying job type delete task. It just assumes that if you have access to this interface, you are a full administrator. Do not grant access to this interface to those that should not be deleting jobs.

Thanks - will do.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: