Cisco Systems OL-9351-01 Modifying Roles and Privileges in Cisco Secure ACS

2-7

User Guide for Cisco Unified Service Monitor

OL-9351-01

Chapter2 Data Management and System Administration

Configuring Users (ACS and Non-ACS)

By default, the CiscoWorks Local login module authentication scheme has five roles in the ACS mode.

They are listed here from least privileged to most privileged:

Cisco Secure ACS allows you to modify the privileges to these roles. You can also create custom roles

and privileges that help you customize Service Monitor to best suit your business workflow and needs.

To modify the default privileges, see Cisco Secure ACS online help. (On Cisco Secure ACS, click Online

Documentation > Shared Profile Components> Command Authorization Sets.)

Modifying Roles and Privileges in Cisco Secure ACS

If another instance of Service Monitor is registered with the same Cisco Secure ACS, your instance of

Service Monitor will inherit those role settings. Furthermore, any changes you make to Service Monitor

roles will be propagated to other instances of Service Monitor through Cisco Secure ACS. If you reinstall

Service Monitor, your Cisco Secure ACS settings will automatically be applied upon Service Monitor

restart.

Step 1 Select Shared Profile Components > Cisco Unified Service Monitor and click the Service Monitor

roles that you want to modify.

Step 2 Select or dese lect any of the Service Monitor tasks that suit your business workflow and needs.

Step 3 Click Submit.

Help Desk User with this role has the privileges to access network status information

from the persisted data. User does not have the privilege to contact any

device or schedule a job that will reach the network.

Example: View details for Cisco1040, setup, and default configuration.

(Cannot perform modifications.)

Approver User with this role does not have any privileges. (Service Monitor does not

assign any tasks to this user role.)

Network Operator User with this role has the privilege to perform all tasks that involve

collecting data from the network. User does not have write access on the

network.

Example: Set up Service Monitor, add, modify, delete Cisco1040s.

Network Administrator User with this role has the privilege to change the network. User can also

perform Network Operator tasks.

Example: Same as Network Operator.

System Administrator User with this role has the privilege to perform all system administration

tasks. See the Permission Report. (Click the CiscoWorks link in the upper

righthand corner of the Service Monitor home page and select Common

Services > Server > Reports > Permission Report > Generate Report).

Example: Enable and disable debugging; set logging level.