Java API Reference Guide for Cisco License Manager
Appendix C: Access Control

Access Control


This appendix provides information about the following levels of access control in Cisco License Manager, as well as the rules of control:

User Control

Device Control

PAK Control

Rules of Control

User Control

Cisco License Manager supports role-based user management for granular access to resources and features. The roles are:

Administrator

Inventory Management

PAK Management

License Management

Report Management

The following table provides a matrix of operations each role can perform. If an API is not listed in this table, it is open to all users.

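| Operation | Administrator | Inventory Management | PAK Management | License Management | Report Management |
|---|---|---|---|---|---|
| createUser | X | | | | |
| deleteUser | X | | | | |
| addUserToDeviceAccessList | X | | | | |
| removeUserFromDeviceAccessList | X | | | | |
| removeAccessListFromDevice | X | | | | |
| addUserToGroupAccessList | X | | | | |
| removeUserFromGroupAccessList | X | | | | |
| removeAccessListFromGroup | X | | | | |
| addUserToPAKAccessList [1] | X | X | X | | |
| removeUserFromPAKAccessList [1] | X | X | X | | |
| asynDiscoverDevices | X | | | | |
| asynPollDeviceLicenseInfo [2] | X | X | | | |
| createDevicesByIPAddr | X | | | | |
| reCreateDevicesByIPAddr | X | | | | |
| createDevicesByUDI | X | | | | |
| checkDeviceConnection [2] | X | X | X | X | X |
| readDevices [2] | X | X | X | X | X |
| writeDevices [2] | X | X | | | |
| deleteDevices | X | | | | |
| createDeviceGroup | X | X | | | |
| renameDeviceGroup | X | X | | | |
| deleteDeviceGroup | X | X | | | |
| addDevicesToGroup | X | X | | | |
| removeDeviceFromGroup | X | X | | | |
| asyncDownloadPAKInfo [1] | X | X | X | | |
| createPAKs | X | X | X | | |
| readPAKs [1,3] | X | X | X | X | X |
| writePAKs [1] | X | X | X | | |
| deletePAKs [1] | X | X | X | | |
| asyncObtainLicense [2] | X | X | X | X | |
| writeLicenses | X | X | X | X | |
| getLicensesOnDevice [2] | X | X | X | X | |
| asyncDeployLicenses [2] | X | X | X | X | |
| rehostLicenses | X | X | X | X | |
| resendLicense | X | X | X | X | |
| reObtainLicense [2] | X | X | X | X | |
| asyncAnnotateLicense | X | X | X | X | |
| initRehostLicenses | X | X | X | X | |
| revokeLicenseFroRehost | X | X | X | X | |
| obtainLicenseForRehost | X | X | X | X | |
| getRehostInfo | X | X | X | X | |
| writeLicenseLines | X | X | X | X | |
| getLicenseLinesOnDevice [2] | X | X | X | X | |
| asyncDeployLicenseLines [2] | X | X | X | X | |
| asyncAnnotateLicensesLine | X | X | X | X | |
| listExpiredLicenseLines | X | X | X | X | |
| createFolder | X | X | X | X | |
| renameFolder | X | X | X | X | |
| deleteFolder | X | X | X | X | |
| addPAKsToFolder | X | X | X | X | |
| removePAKsFromFolder | X | X | X | X | |
| generateReport | X | X | X | X | X |
| readReport | X | X | X | X | X |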
[1] Subject to PAK access control.

[2] Subject to device and device group access control.

[3] Users in PAK Management or higher roles can see the PAK ID in plain text. Users in License Management and lower roles can see only the last few letters/digits of the PAK ID.


Device Control

An access list is associated with each device and each device group. An access list contains the usernames that are allowed to access a particular device or device group. If no access list exists, the device or device group is open to all users. Only users in an Administrator role can modify the access list.

PAK Control

Each PAK has an owner and an access list associated with it. The PAK owner is the creator of the PAK. Only the PAK owner or users in an Administrator role can modify the PAK access list.

Rules of Control

For users in an Administrator role:

A user in an Administrator role can perform all operations, regardless of whether his/her name is in the access list.

For users not in an Administrator role:

Only the PAK owner and users in the PAK's access list can perform operations on a PAK object.

If both the device access list and the access lists of its parent group(s) are empty, users in an Inventory Management role can perform operations on this device.

If a device access list or the access lists of the device group(s) that contain this device are not empty, only users listed in the device or group access list can operate on the device.
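
The following added example (not part of the Cisco License Manager API and not Cisco code) models how the role matrix and the access-list rules combine, so a client can reason about which calls will be refused. The class and method names are hypothetical, the sample users are constructed, and it assumes that a user named in either the device list or any parent group list passes the device check.

```java
import java.util.List;
import java.util.Map;
import java.util.Set;

// Added illustration: a local model of this appendix's rules, not Cisco License Manager code.
public class AccessRulesModel {
    // Matrix columns, left to right; every row of the matrix is filled from the left.
    enum Role { ADMINISTRATOR, INVENTORY_MANAGEMENT, PAK_MANAGEMENT, LICENSE_MANAGEMENT, REPORT_MANAGEMENT }

    // Right-most role marked X, for a few rows copied from the matrix.
    static final Map<String, Role> LOWEST_ROLE = Map.of(
            "deleteDevices", Role.ADMINISTRATOR,
            "writeDevices", Role.INVENTORY_MANAGEMENT,
            "writePAKs", Role.PAK_MANAGEMENT,
            "asyncDeployLicenses", Role.LICENSE_MANAGEMENT,
            "readReport", Role.REPORT_MANAGEMENT);

    static boolean roleAllows(Role role, String operation) {
        Role lowest = LOWEST_ROLE.get(operation);
        // An API that is not listed in the matrix is open to all users.
        return lowest == null || role.ordinal() <= lowest.ordinal();
    }

    // Footnote 2 operations: device and device group access lists.
    static boolean deviceAllows(String user, Role role, Set<String> deviceAcl, List<Set<String>> groupAcls) {
        if (role == Role.ADMINISTRATOR) return true; // administrators bypass access lists
        boolean open = deviceAcl.isEmpty() && groupAcls.stream().allMatch(Set::isEmpty);
        // Assumption: being named in the device list or in any parent group list is enough.
        return open || deviceAcl.contains(user) || groupAcls.stream().anyMatch(acl -> acl.contains(user));
    }

    // Footnote 1 operations: PAK owner or PAK access list.
    static boolean pakAllows(String user, Role role, String owner, Set<String> pakAcl) {
        return role == Role.ADMINISTRATOR || user.equals(owner) || pakAcl.contains(user);
    }

    public static void main(String[] args) {
        // Constructed sample data: a device with no list of its own, inside a group that lists alice.
        Set<String> deviceAcl = Set.of();
        List<Set<String>> groupAcls = List.of(Set.of("alice"));
        Role inv = Role.INVENTORY_MANAGEMENT;
        // bob holds the role for writeDevices, but the parent group's list names only alice.
        System.out.println("bob writeDevices: " + (roleAllows(inv, "writeDevices") && deviceAllows("bob", inv, deviceAcl, groupAcls)));
        System.out.println("alice writeDevices: " + (roleAllows(inv, "writeDevices") && deviceAllows("alice", inv, deviceAcl, groupAcls)));
        // carol is on the PAK access list, but her License Management role does not cover writePAKs.
        Role lic = Role.LICENSE_MANAGEMENT;
        System.out.println("carol writePAKs: " + (roleAllows(lic, "writePAKs") && pakAllows("carol", lic, "dave", Set.of("carol"))));
    }
}
```

Both checks must pass for a non-administrator: the role decides whether the operation is available at all, and the access list decides whether it is available on that particular device or PAK.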