The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter contains the following sections:
Cisco Monitor Manager uses roles and levels to manage user access. One of the following levels can be assigned to each role that you create:
Each role is assigned one or more groups, which are collections of resources. Group resources are non-ISL ports that are specifically assigned to that group. After you have created a group, you can assign that group to a role.
For information about AAA integration, see the Cisco Extensible Network Controller Configuration Guide.
Roles can be configured to permit role-based access to multiple Cisco Monitor Manager disjoint networks.
For example, if you have two networks, the first named eng and the second named hr1, the network administrator can create a Cisco Monitor Manager role that has access to both networks. The access level for network eng can be assigned as App-Admin, and the access level for network hr1 can be assigned as App-User.
The steps below provide a guide to creating an example role named "MM-role-eng-hr1" that will have access to multiple Cisco Monitor Manager disjoint networks.
Note | Do not enter the quotation marks (" ") used in the example steps. |
Step 1 | Log in to the first Cisco Monitor Manager network, in this example, eng, with the App-Administrator role user name and password. |
Step 2 | On the menu bar, choose Settings from the Admin drop-down list . |
Step 3 | Click Add Role. |
Step 4 | In the
Name field of the
Add
Role dialog box, enter a name for the role, for example,
"MM-role-eng-hr1".
The name may contain between 1 and 256 alphanumeric characters including the following special characters: underscore (_), hyphen (-), plus (+), equals (=), open parenthesis ("("), closed parenthesis (")"), vertical bar (|), or at sign (@). |
Step 5 | From the Level drop-down list, choose App-Administrator. |
Step 6 | Click Submit. |
Step 7 | From the menu bar, choose network hr1 from the network drop-down, or log in to network hr1 with the App-Administrator role name and password. |
Step 8 | Repeat Steps 2 and 3. |
Step 9 | In the Name field of the Add Role dialog box, enter the same name for the role that you entered in Step 4. |
Step 10 | From the Level drop-down list, choose App-User. |
Step 11 | Click
Submit.
The role "MM-role-eng-hr1" now has App-Administrator permissions to network eng and App-User permissions to network hr1. |
Note | You cannot remove roles that were created by Cisco XNC |
Step 1 | On the Admin drop-down list, choose Settings. |
Step 2 | On the Groups tab, click Add Group. |
Step 3 |
In the Add Resource Group dialog box, enter the name that you want to use for the resource group. The name may contain between 1 and 256 alphanumeric characters including the following special characters: underscore (_), hyphen (-), plus (+), equals (=), open parenthesis ("("), closed parenthesis (")"), vertical bar (|), or at sign (@). |
Step 4 | Click Submit. |
Assign resources to the group.
Create a group.
Step 1 | On the Admin drop-down list, choose Settings. |
Step 2 | On the Groups tab, choose the group to which you want to add resources. |
Step 3 | Choose a node in the topology diagram. |
Step 4 | In the Add Ports to Group dialog box, choose the ports that you want to add to the group. |
Step 5 | Click Submit. |
Step 6 | Repeat Step 3 through Step 5 for all of the ports that you want to add. |
Step 7 | To remove a resource, choose one or more ports in the Group Detail table, and then click Remove Ports. |
Step 8 | In the Remove Ports dialog box, click Remove. |
Assign the group to a role.
The following groups cannot be removed:
Step 1 | On the Admin drop-down list, choose Settings. | ||||||||||
Step 2 | Choose the Assign tab. | ||||||||||
Step 3 | Click Assign next to the role for which you want to assign a group. | ||||||||||
Step 4 | In the
Configure
Role dialog box, complete the following fields:
| ||||||||||
Step 5 | Click Apply. |