Table of Contents
QPM User PermissionsWorking with User Permissions
CiscoWorks User Permissions
ACS User Permissions
QPM User Permissions
The following sections describe the user permissions for QPM, which are handled by the CiscoWorks Common Services application:
Working with User Permissions
CiscoWorks Common Services provides management of QPM user roles and privileges. QPM can work with either Cisco Secure Access Control Server (ACS) permissions or CiscoWorks permissions. QPM permissions for authentication and authorization are mapped to CiscoWorks permission roles or ACS permissions, as specified.
 |
Note To use ACS authentication and authorization, ACS 3.1 must be installed on the network. |
Before you begin to work with QPM, you should ensure that you have the appropriate permissions. ACS and CiscoWorks permissions in QPM rely on the usergroup or username, the command set or privileges associated with the usergroup or username, and the device or device group for which privileges are requested. If your username or usergroup is not authorized for certain QPM actions, the related menu items, TOC items, and buttons will be hidden or disabled.
CiscoWorks User Permissions
CiscoWorks uses the following permission roles:
The following QPM permissions are mapped to CiscoWorks permission roles:
- View—You can view any page in QPM, but you cannot make any changes. You can view historical monitoring tasks, but you cannot create or run real-time monitoring tasks.
- Modify—You can make changes to the QPM device inventory, QPM policies, and global library components, but you cannot deploy policies to the network. You can create and run monitoring tasks.
- Deploy—You can deploy policies to the network. You can create and run monitoring tasks. You cannot make any changes to QPM device or policy configurations.
Table A-1 shows how CiscoWorks roles are mapped to QPM permissions.
| CiscoWorks Role | QPM Permissions | ||
|---|---|---|---|
| View | Modify | Deploy | |
You can add your username for CiscoWorks authentication in the CiscoWorks2000 desktop.
Procedure
Step 1 In the CiscoWorks2000 desktop, select Server Configuration > Setup > Security > Add Users.
Step 2 Enter your username and password.
See Getting Started with the CiscoWorks Server for more information about setting CiscoWorks usernames and permissions.
ACS User Permissions
When you configure CiscoWorks Common Services to use ACS authorization and authentication, you add the QPM permission roles in ACS, and three new ACS permission roles are created:
The following QPM permissions are mapped to ACS permission roles:
- View—You can view pages in QPM, but you cannot make any changes. You can view historical monitoring tasks, but you cannot create or run real-time monitoring tasks.
- Modify—You can view and make changes to the QPM device inventory, QPM policies, and so on. You can create and run monitoring tasks. Modify permission does not include Deploy permission.
|
Note To modify global components, such as library components, global device settings, and so on, you must have Modify permission for the device group that contains the CiscoWorks Common Services server. |
Table A-2 shows how ACS roles are mapped to QPM permissions.
|
Note If you intend to work with ACS device groups and user permissions, you must perform the setup configuration described in Setup for Working with ACS Device Groups and User Permissions. |