Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

CSM 3.1.1: restricting policies which can be deployed

Hi,

I'm trying to restrict the policies that can be deployed by CSM to only Security and NAT, is there a way of doing this from within CSM or is command authorisation via an ACS the only option?

I'm basically trying to stop out of band changes being overwritten when everything is pushed.

Regards

1 REPLY
Silver

Re: CSM 3.1.1: restricting policies which can be deployed

I think you can restrict the polices by understanding the concept of locking in CSM. Security Manager has a locking mechanism that is useful in organizations where several people have the authority to make configuration changes. It prevents a potential situation in which two or more people are making changes to the same device, policy, policy assignment, or object at the same time. When a lock is applied, a message is displayed across the top of the work area to other users who access that device or policy.

114
Views
0
Helpful
1
Replies
CreatePlease to create content