-
Using Management Center for VPN Routers 1.3
-
Preface
-
Introduction
-
Getting Started with Router MC
-
Router MC Scenarios
-
Working with Activities
-
Managing Devices
-
Configuring VPN Settings
-
Configuring an IOS Firewall on your VPN Router
-
Defining IKE Policies
-
Defining VPN Tunnel Policies
-
Configuring Translation Rules
-
Working with Building Blocks
-
Uploading Device Configurations
-
Deploying Configurations
-
Viewing Reports
-
Router MC Administration
-
Troubleshooting
-
Router MC Operating Prerequisites
-
Router MC User Permissions
-
Table Of Contents
CiscoWorks Server Roles and Router MC Permissions
ACS Roles and Router MC Permissions
Router MC User Permissions
To log into Router MC, your username and password must be authenticated. After authentication, Router MC establishes what your role is within the application. This role defines the set of Router MC tasks or operations that you are authorized to do. If you are not authorized for certain Router MC tasks or for certain devices, the related Router MC menu items, TOC items, and buttons will be hidden or disabled.
Authentication and authorization for Router MC is managed either by the CiscoWorks server or by the Cisco Secure Access Control Server (ACS). By default, authentication and authorization is managed by CiscoWorks. You can change to ACS using CiscoWorks Common Services. See the documentation for CiscoWorks Common Services for details on how to specify ACS for authentication and authorization.
User permissions for Router MC are described in the following topics:
•
CiscoWorks Server Roles and Router MC Permissions
•
CiscoWorks Server Roles and Router MC Permissions
CiscoWorks has five role types corresponding to likely functions within your organization:
•
•
•
•
•
Table A-1 shows how Router MC permissions are mapped to these roles in ACS.
ACS Roles and Router MC Permissions
Cisco Secure Access Control Server (ACS) supports application-specific roles. Each role is made up of a set of permissions that determine the role's level of access to Router MC tasks. Each user group is assigned a role and each user in the group can perform Router MC actions based on the permissions in the role.
Furthermore, these roles can be assigned to ACS device groups, allowing permissions to be differentiated on different sets of devices. ACS device groups are completely independent of Router MC device groups.
Note
Router MC provides default roles and permissions in ACS. Some permissions must be configured on the managed devices and others on the Router MC Management Station, as specified below. The available Router MC permissions in ACS are as follows:
View Config—User can view settings and policies but cannot make changes.
View Admin—User can view Router MC application settings. This permission must be configured on the Router MC Management Station.
View CLI—User can view the current and previous configuration on managed devices and can preview the CLI commands to be generated for or deployed to the devices by Router MC.
Modify Config—User can define and modify policies.
Modify Device-List—User make changes to the Router MC device inventory. This permission must be configured on the Router MC Management Station.
Modify Admin—User can modify Router MC application settings. This permission must be configured on the Router MC Management Station.
Approve Activity—User can approve activities. This permission must be configured on the Router MC Management Station.
Approve Job—User can approve jobs. This permission must be configured on the Router MC Management Station.
Deploy—User can deploy VPN and firewall policy configurations to devices or files.
These permissions are mapped to roles in ACS. These roles are the same as the CiscoWorks roles (see CiscoWorks Server Roles and Router MC Permissions).
Table A-1 describes Router MC permissions, the Router MC tasks allowed for each permission, and the CiscoWorks roles to which the permissions are mapped.
