4-51
Cisco Prime Network 4.0 User Guide
OL-29343-01
Chapter 4 Device Configurations and Software Images Compliance Audit
Using Compliance Audit, you can create policies that can contain multiple rules, and policies can be
grouped together to create a policy profile which can be run on a set of devices, called audit of devices .
There is no limit on the number of policies, profiles, rules, and conditions that you can crea te using
Compliance Audit. It can scale up to 35,000 devices.
When a device is detected to be not confirming to a determined policy, Compliance Manager calls it a
violation. Subsequently, if available, it also recommends a fix, as configured by the administrator. The
violation details are saved in DB Schema for your reference later.
In some scenarios, the fix is readily available as configured by the adminstrator and can be directly
applied, while in some others, it has to be carefully scrutinized by the administrator before it is run.
Automatic application of some of the fixes can be disabled since it may conflict with other policies and
configurations that may be specific to the device and the setup.
This section contains the following topics:
• User Authentication and Authorization, page 4-51
• Creating Policies and Profiles, and Running a Compliance Audit Job, pag e 4- 52
User Authentication and AuthorizationCompliance Audit uses the security methods employed by Prime Netwo rk. The se are de scri bed in t h e
Cisco Prime Network 4.0 Administrator Guide.
Note If authentication fails, check the status of AVM 77 (XMP runtime DM) and Prime Network using Cisco
Prime Network Administration. Cisco Prime Network Administration displays AVM 77 only when Ciis
installed. For information on how to use Cisco Prime Network Administration, see the Cisco Prime
Network 4.0 Administrator Guide.
The GUI-based functions and required roles are listed in Table 4 -5. The sc ope of your operation depends
on your role and scope.
Note If your role is Viewer, you cannot see Compliance Audit listed in CCM despite enabling it in the Registry
Controller.
The following table lists the permissions:
Table 4-5 Default Permission/Security Level Required to Use Compliance Audit
Task Administrator Configurator OperatorPlus Operator Viewer
Creating policies X X — — —
Creating policy profiles X X X X —
Executing audit job X X X X —
Viewing audit job results X (For all
users’ jobs) X (For jobs that the
specific user has
created)
X (For Operator
Plus jobs only) X (For
Operator
jobs only)
—