Cisco Systems OL-24201-01 Configuring System Administrators and Accounts, Understanding Roles

Chapter 16 Managing System Administrators

Configuring System Administrators and Accounts

Understanding Authentication

An authentication request is the first operation for every management session. If authentication fails, the management session is terminated. But if authentication passes, the management session continues until the administrator logs out or the session times out.

ACS 5.3 authenticates every login operation by using user credentials (username and password). Then, by using the administrator and role definitions, ACS fetches the appropriate permissions and answers subsequent authorization requests.

The ACS user interface displays the functions and options for which you have the necessary administrator privileges only.

Note Allow a few seconds before logging back in so that changes in the system have time to propagate.

Related Topics

•Understanding Administrator Roles and Accounts, page 16-2

•Configuring System Administrators and Accounts, page 16-3

Configuring System Administrators and Accounts

This section contains the following topics:

•Understanding Roles

•Administrator Accounts and Role Association

•Creating, Duplicating, Editing, and Deleting Administrator Accounts

•Viewing Role Properties

Understanding Roles

Roles consist of typical administrator tasks, each with an associated set of permissions. Each administrator can have more than one predefined role, and a role can apply to multiple administrators. As a result, you can configure multiple tasks for a single administrator and multiple administrators for a single task.

You use the Administrator Accounts page to assign roles. In general, a precise definition of roles is the recommended starting point. Refer to Creating, Duplicating, Editing, and Deleting Administrator Accounts, page 16-6for more information.

Note The ACS web interface displays only the functions for which you have privileges. For example, if your role is Network Device Admin, the System Administration drawer does not appear because you do not have permissions for the functions in that drawer.