Cisco Systems OL-11390-01 manual Configuring Users Using CiscoWorks Local Mode, 11-5

Chapter 11 Administering DFM (Advanced)

System Administration

•CiscoSecure Access Control Server (ACS) Mode—ACS specifies the privileges associated with roles; however, ACS also allows you to perform device-based filtering, so that users only see authorized devices. Using ACS, which is called ACS mode, is supported when ACS is installed on your network and DFM is registered with ACS. For more information, refer to Configuring Users Using ACS Mode, page 11-5.

If Common Services is using ACS mode, DFM must also use ACS mode; otherwise, DFM users will not have any permissions. However, if another instance of DFM is already integrated with ACS, the new DFM will also be integrated with ACS.

You can also use the CiscoWorks Assistant Server Setup workflow to set the server login mode to ACS mode, as described in User Guide for CiscoWorks Assistant 1.0.

Configuring Users Using CiscoWorks Local Mode

To add a user and specify their user role using CiscoWorks Local Mode, select Server > Security > Single-Server Management > Local User Setup from the LMS portal. Click the Help button for information on the configuration steps.

Use the CiscoWorks Permission Report to understand how each user role relates to tasks in DFM. From the LMS portal, select Server > Reports > Permission Report and scroll down until you find Device Fault Manager.

Configuring Users Using ACS Mode

To use this mode for DFM, Cisco Secure ACS must be installed on your network, and DFM must be registered with ACS.

Step 1 Verify which mode the CiscoWorks server is using. From the LMS portal, select Server > Security >

AAAMode Setup and check what is listed in the Current Settings table. Either CiscoWorks Local or TACACS (ACS) will be displayed.

Step 2 Verify whether DFM is registered with ACS (if ACS Mode is being used) by checking the ACS server.

Step 3 To modify ACS roles:

•Refer to the ACS online help (on the ACS server) for information on modifying roles.

•Refer to the Common Services online help for information on the implications of ACS on the DCR (specifically, role dependencies).

Note If you modify DFM roles using ACS, your changes will be propagated to all other instances of DFM that are using Common Services servers which are registered with the same ACS server.

See the following for other information related to ACS:

•To register applications with ACS, and for information on supported ACS versions, refer to Installing and Getting Started with CiscoWorks LAN Management Solution 3.0.

•To understand CiscoSecure Groups, Users, and Command Authorization Sets, see User Guide for CiscoSecure ACS.

•For information on the implications of ACS custom roles on the DCR, see the online help for Common Services.