Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Restricting CiscoWorks access by Network Device Group using ACS

Has anyone managed to restrict access to CiscoWorks successfully using ACS NDGs? According to the manuals it should be straightforward, but I can't make it work.

I'm trying to give a remote office a custom role in CiscoWorks to their restricted network device group, but when I login as that user I get access denied messages even trying to launch Device Centre:

You are not authorized to request the Action associated with screenID: "/device.center".

So I tested the role - works fine when it isn't restricted to an NDG. The NDG seems to work because I can get a view in DCR when restricted to NDG and I can see the devices assigned to that NDG, but pretty much everything I try in CW fails with a similar error to above.

Any tips/hints/suggestions?

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Restricting CiscoWorks access by Network Device Group using

Make sure you've assigned CiscoWorks roles for that NDG for ALL applications, and make sure that role has access to the required components.

For example, for the cwhp application under the Group settings, you should associate that office's NDG with a CiscoWorks role that has "Device Center" checked under CiscoWorks Common Services (in Shared Profile Components).

Finally, you must make sure that the group associated with that office also has access to the NDG that contains the CiscoWorks server.

2 REPLIES
Cisco Employee

Re: Restricting CiscoWorks access by Network Device Group using

Make sure you've assigned CiscoWorks roles for that NDG for ALL applications, and make sure that role has access to the required components.

For example, for the cwhp application under the Group settings, you should associate that office's NDG with a CiscoWorks role that has "Device Center" checked under CiscoWorks Common Services (in Shared Profile Components).

Finally, you must make sure that the group associated with that office also has access to the NDG that contains the CiscoWorks server.

New Member

Re: Restricting CiscoWorks access by Network Device Group using

Thanks! Following your advice I added the NDG I have called 'CiscoWorks Servers' with the 'Network Administrator' role to each of the CW applications in the group configuration and it does the trick. Doesn't make any sense to me why that works - I would have thought the fact I'd already for example permitted that group to use RME and given them 'Network Administrator' would have been enough for CW to give them that role, but it fixed my issue.

247
Views
5
Helpful
2
Replies