User Roles and Permissions
Your username and password must be authenticated before you can use AUS. Your username and password pair is compared with either the CiscoWorks Server or the Cisco Secure Access Control Server (ACS) database, depending on which one you configured for use with AUS.
After authentication, your authorization is based on the privileges that were assigned to you. A privilege is a task or operation defined within the application. The set of privileges assigned to you defines your role and dictates how much and what type of system access you have.
These topics provide details about the user roles and permissions associated with the two types of authentication methods.
AUS Privileges
AUS privileges are the major actions that you can perform. These privileges are assigned to the CiscoWorks Server and ACS roles described in the following sections.
The following table lists the AUS privileges.
CiscoWorks Server Roles and AUS Privileges
When you perform an action on devices using the CiscoWorks Server authentication method, the action is authorized according to the selected device.
The CiscoWorks Server has five roles that correspond to likely functions within your organization.
The following table lists roles for use with AUS.
Table B-3 lists AUS roles and their supported privileges. See Table B-1 for descriptions of the privileges.
|
|
||||
---|---|---|---|---|---|
Admin |
Admin |
|
|
|
|
Cisco Secure ACS Roles and AUS Privileges
Cisco Secure ACS supports roles that are application-specific. A higher-level role includes all privileges associated with lower-level roles. Unlike other applications that use ACS for authentication, AUS checks authorization with itself, not on a per-device basis.
You can use the AUS roles already defined in ACS, or you can create your own, customized roles.
For more information about using ACS and for an understanding of ACS security advantages, see the User Guide for Cisco Secure ACS for Windows Server.
The following table lists the default roles for use with AUS.
|
|
---|---|
Privileges to access only the external interface and not the GUI. |
|
Read and write privileges for viewing and modifying information on the GUI. |
Note: For communication between Security Manager and AUS to be successful, the username and password entered for AUS in Security Manager must be associated with the API_Writer role, a role that has the same privileges, or the AUS remote interface.
Table B-5 lists the default AUS roles and their supported privileges. See Table B-1 for descriptions of the privileges.
|
|
|||||||
---|---|---|---|---|---|---|---|---|
Admin |
Admin |
|
|
|
|
|
|
|