Cisco Crosswork Network Controller 7.2 Administration Guide

PDF

User accounts

Want to summarize with AI?

Log in

Explains how administrators prepare user accounts, roles, passwords, audit logs, and NACM access controls for Crosswork Network Controller users.


Users are accounts that administrators create for people who use Crosswork Network Controller.

As a best practice, administrators should create separate accounts for all users. Prepare a list of the people who will use Crosswork Network Controller. Decide on their user names and preliminary passwords, and create user profiles for them. During the creation of a user account, you assign a user role to determine the functionality that the user can access. If you use user roles other than "admin", create the user roles before you add your users (refer to Create user roles).

You can optionally view the Network Configuration Access Control Model (NACM) rules that let admin members grant access to devices in selected groups and deny access to other devices.

Note

In geo-redundant deployments, if you create a new role on the active cluster and assign that role to a new user, the new user might not be able to log in to the standby cluster immediately. The role data is replicated to the standby database immediately, but the standby cluster updates the cache only during the next scheduled sync or a manual sync operation. Perform a manual sync, or wait for the next scheduled sync, before the new user logs in to the standby cluster. Otherwise, the standby cluster might not find the new role for that user and can display an authorization error.


Administrative users created during installation

During installation, Crosswork Network Controller creates two special administrative IDs:

  1. The virtual machine administrator, with the username cw-admin, and the default password admin. Data center administrators use this ID to log in to and troubleshoot the VM hosting the Crosswork Network Controller server.

  2. The Cisco Crosswork administrator, with the username admin and the default password admin. Product administrators use this ID to log in to and configure the user interface, and to perform special operations, such as creating new user IDs.

The default password for both administrative user IDs must be changed the first time they are used.


Add a user

This topic explains how to add a user in Crosswork Network Controller.

Procedure

1.

From the main menu, select Administration > Users and Roles > Users tab. From this window, you can add a new user, edit the settings for an existing user, and delete a user.

2.

To add a new user:

  1. Click Add icon and enter the required user details.

    When you are configuring Device Access Groups for your users, select the Device Access Group listed in the right pane to assign it to the new user you are creating.

    Note
    1. By default users associated with ALL-ACCESS Device Access Group are provided access to ALL devices.

    2. You must associate at least one Device Access Group to a user.

  2. Click Save.


Edit a user

This topic explains how to edit settings for an existing user.

Procedure

1.

From the main menu, select Administration > Users and Roles > Users tab. From this window, you can add a new user, edit the settings for an existing user, and delete a user.

2.

To edit a user:

  1. Click the checkbox next to the User and click Edit icon.

  2. After making changes, click Save.


Delete a user

This topic explains how to delete an user account.

Procedure

1.

From the main menu, select Administration > Users and Roles > Users tab. From this window, you can add a new user, edit the settings for an existing user, and delete a user.

2.

To delete a user:

  1. Click the checkbox next to the User and click Delete icon.

  2. In the Confirm Deletion window, click Delete.


View user audit logs

This topic explains the steps to view the audit logs for a selected user.

Procedure

1.

From the main menu, select Administration > Users and Roles > Users tab. From this window, you can add a new user, edit the settings for an existing user, and delete a user.

2.

To view the audit log for a user:

  1. Click the icon under the Actions column, and select Audit Log.

    The Audit Log window is displayed for the selected user name.


Generate NACM rules for users

This topic explains the steps to generate NACM rules for a selected user.

Procedure

1.

From the main menu, select Administration > Users and Roles > Users tab. From this window, you can add a new user, edit the settings for an existing user, and delete a user.

2.

To view NACM rules for a user:

  1. Click the icon under the Actions column, and select Generate NACM Rules.

    The NACM Rules window is displayed for the selected user name.

    If you have an NSO service configured on your Crosswork Network Controller, you can generate NACM rules by clicking the icon under the Actions column for a user and selecting Generate NACM Rules. This integrates device-level NACM control with the NSO workflow. Note that for each unique combination of Device Access Group associated with a user, there is:

    • A NACM group associated with the user.

    • A corresponding NACM rule list associated with the user.

    The rule allows access to devices in selected Device Access Groups and denies access to other devices. You can copy the XML rules file and add it in your NSO NACM Rule configuration setup. The options available under the NSO Actions tab, located in Device Management > Network Devices, are also restricted based on the Device Access Groups permissions of the user.

    You can also view the Crosswork Network Controller Audit log and the NSO commit logs to track and verify the activities of users using the NACM rules, ensuring traceability.