2-7
User Guide for Cisco Unified Service Monitor
OL-9351-01
Chapter2 Data Management and System Administration
Configuring Users (ACS and Non-ACS)
By default, the CiscoWorks Local login module authentication scheme has five roles in the ACS mode.
They are listed here from least privileged to most privileged:
Cisco Secure ACS allows you to modify the privileges to these roles. You can also create custom roles
and privileges that help you customize Service Monitor to best suit your business workflow and needs.
To modify the default privileges, see Cisco Secure ACS online help. (On Cisco Secure ACS, click Online
Documentation > Shared Profile Components> Command Authorization Sets.)
Modifying Roles and Privileges in Cisco Secure ACSIf another instance of Service Monitor is registered with the same Cisco Secure ACS, your instance of
Service Monitor will inherit those role settings. Furthermore, any changes you make to Service Monitor
roles will be propagated to other instances of Service Monitor through Cisco Secure ACS. If you reinstall
Service Monitor, your Cisco Secure ACS settings will automatically be applied upon Service Monitor
restart.
Step 1 Select Shared Profile Components > Cisco Unified Service Monitor and click the Service Monitor
roles that you want to modify.
Step 2 Select or dese lect any of the Service Monitor tasks that suit your business workflow and needs.
Step 3 Click Submit.
Help Desk User with this role has the privileges to access network status information
from the persisted data. User does not have the privilege to contact any
device or schedule a job that will reach the network.
Example: View details for Cisco1040, setup, and default configuration.
(Cannot perform modifications.)
Approver User with this role does not have any privileges. (Service Monitor does not
assign any tasks to this user role.)
Network Operator User with this role has the privilege to perform all tasks that involve
collecting data from the network. User does not have write access on the
network.
Example: Set up Service Monitor, add, modify, delete Cisco1040s.
Network Administrator User with this role has the privilege to change the network. User can also
perform Network Operator tasks.
Example: Same as Network Operator.
System Administrator User with this role has the privilege to perform all system administration
tasks. See the Permission Report. (Click the CiscoWorks link in the upper
righthand corner of the Service Monitor home page and select Common
Services > Server > Reports > Permission Report > Generate Report).
Example: Enable and disable debugging; set logging level.