The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter contains the following sections:
Cisco Monitor Manager uses roles and levels to manage user access. One of the following levels can be assigned to each role that you create:
Each role is assigned to one or more groups, which are collections of resources. Group resources are non-Inter Switch Link (ISL) ports that are specifically assigned to that group. After you have created a group, you can assign that group to a role.
For information about AAA integration, see the Cisco Extensible Network Controller Configuration Guide.
Multiple disjoint networks are the virtual networks that you create using the Slice Manager in the Cisco Extensible Network Controller (XNC) application. Roles can be configured to permit role-based access to multiple Cisco Monitor Manager disjoint networks.
For example, if you have two networks, the first named dev and the second named prod, the network administrator can create a user that has access to both networks but with difference privileges for each network. The access level for network dev can be assigned as App-Admin, and the access level for network prod can be assigned as App-User.
The App-Admin privilege provides the ability to create, edit, and delete his or other roles' rules and filters on the assigned network, in this case, dev. The App-User privilege provides the ability to create, edit, and delete rules and filters owned by this role only on the assigned network, in this case, prod. The application user role can create, edit, or delete rules and filters only for the disjoint network or networks to which the role has been assigned. In addition, the application user role can view and apply filters created by the application administrator, but cannot edit or delete them.
Step 1 | Log in to the Cisco Monitor Manager network with the Network-Admin role username and password. | ||
Step 2 | Ensure that you are in the dev network. | ||
Step 3 | On the menu bar, choose Settings from the Admin drop-down list . | ||
Step 4 | Click Add Role. | ||
Step 5 | In the
Name field of the
Add
Role dialog box, enter the name for the role, for example,
MM-role-dev.
The name can contain between 1 and 256 alphanumeric characters including the following special characters: underscore ("_"), hyphen ("-"), plus ("+"), equals ("="), open parenthesis ("("), closed parenthesis (")"), vertical bar ("|"), period ("."), or at sign ("@"). | ||
Step 6 | From the Level drop-down list, choose App-Administrator. | ||
Step 7 | Click Submit. | ||
Step 8 | On the menu bar, choose the prod network from the network drop-down list. | ||
Step 9 | Repeat Steps 3 and 4 for the prod network. | ||
Step 10 | In the Name field of the Add Role dialog box, enter MM-role-prod. | ||
Step 11 | From the Level drop-down list, choose App-User. | ||
Step 12 | Click Submit. | ||
Step 13 | Assign
allPorts to role MM-role-prod under the
Assign tab.
The role MM-role-dev now has App-Administrator permissions to the network dev and the role MM-role-prod has App-User permissions to network prod. You can now create a user that has both of these application roles. Refer to the Cisco Extensible Network Controller Configuration Guide, Release 1.6 for the procedure to create users.
|
Note | You cannot remove roles that were created by Cisco Extensible Network Controller (XNC). |
Step 1 | From the Admin drop-down list, choose Settings. |
Step 2 | On the Groups tab, click Add Group. |
Step 3 | In the
Add
Resource Group dialog box, enter the name that you want to use for
the resource group.
The name can contain between 1 and 256 alphanumeric characters including the following special characters: underscore ("_"), hyphen ("-"), plus ("+"), equals ("="), open parenthesis ("("), closed parenthesis (")"), vertical bar ("|"), period ("."), or at sign ("@"). |
Step 4 | Click Submit. |
Add resources to the group.
Create a resource group.
Step 1 | From the Admin drop-down list, choose Settings. |
Step 2 | On the Groups tab, choose the group to which you want to add resources. |
Step 3 | Choose a node in the topology diagram. |
Step 4 | In the Add Ports to Group dialog box, choose the ports that you want to add to the group. |
Step 5 | Click Submit. |
Step 6 | Repeat Step 3 through Step 5 for all of the ports that you want to add. |
Step 7 | Remove a resource, or multiple resources, by choosing one or more ports in the Group Detail table, and then clicking Remove Ports. |
Step 8 | In the Remove Ports dialog box, click Remove. |
Assign the resource group to a role.
Step 1 | From the Admin drop-down list, choose Settings. | ||||||||||
Step 2 | Click the Assign tab. | ||||||||||
Step 3 | Click Assign next to the role for which you want to assign a group. | ||||||||||
Step 4 | In the
Configure
Role dialog box, complete the following fields:
| ||||||||||
Step 5 | Click Apply. |
The following groups cannot be removed: