Chapter 11 Administering DFM (Advanced)
System Administration
Using DFM in ACS Mode
Before performing any tasks that are mentioned here, you must ensure that you have successfully completed configuring Cisco Secure ACS with the CiscoWorks server. If you have installed DFM after configuring the CiscoWorks Login Module to the ACS mode, then DFM users are not granted any permissions. However, the DFM application is registered to Cisco Secure ACS.
CiscoWorks login modules allow you to add new users using a source of authentication other than the native CiscoWorks server mechanism (that is, the CiscoWorks Local login module). You can use the Cisco Secure ACS services for this purpose. You can integrate the CiscoWorks server with CiscoSecure ACS to provide improved access control using Authentication, Authorization, and Accounting.
The following topics provide information on how to use DFM in the ACS mode:
•Modifying CiscoWorks Roles and Privileges, page 11-7
•Device-Based Filtering, page 11-7
By default, the CiscoWorks server authentication scheme has six roles. They are listed here from least privileged to most privileged:
Help Desk | User with this role has the privileges to access network status information from the |
| persisted data. User does not have the privilege to contact any device or schedule a |
| job that will reach the network. |
|
|
Approver | User with this role has the privilege to approve all DFM tasks. User can also perform |
| all the Help Desk tasks. |
|
|
Network | User with this role has the privilege to perform all tasks that involve collecting data |
Operator | from the network. User does not have write access on the network. User can also |
| perform all the Approver tasks. |
|
|
Network | User with this role has the privilege to change the network. User can also perform |
Administrator | Network Operator tasks. |
|
|
System | User with this role has the privilege to perform all CiscoWorks system administration |
Administrator | tasks. See the Permission Report on the CiscoWorks server (Common Services > |
| Server > Reports > Permission Report). |
|
|
Super Admin | User with this role has full access rights to perform any CiscoWorks tasks, including |
| administration and approval tasks. |
| When you integrate your CiscoWorks server with your ACS server, you just need to |
| do the following: |
| 1. Create a System Identity User in ACS. |
| 2. Assign the Super Admin role to the user for all CiscoWorks applications. |
| You need not create a custom role with all the privileges and assign that role to the |
| user. You can assign this role to a user only on the CiscoSecure ACS server and only |
| when the login module is set to ACS. This role is not visible in CiscoWorks local |
| mode and during the local user setup in the CiscoWorks server. |
|
|
Cisco Secure ACS allows you to modify the privileges to these roles. You can also create custom roles and privileges that help you customize Common Services client applications to best suit your business workflow and needs.
To modify the default CiscoWorks roles and privileges, see Modifying CiscoWorks Roles and Privileges, page
| User Guide for Device Fault Manager |
|
