5-53
User
Guide

for

the

Cisco

Application

Networking

Manager

5.2
OL-26572-01
Chapter
5






Importing

and

Managing

Devices
Configuring
ACE

Module

and

Appliance

Role-Based

Access

Controls


Click
Next
t

o
deploy
your

entries

and

to
add
another

VLAN

group.
Related
Topics


Managing
Catalyst

6500

Series

Chassis

or

Cisco

7600

Series

Router

VLANs,

page
5-48


Configuring
Device

Layer

3

VLANs,

page
5-51


Configuring
Device

Layer

2

VLANs,

page
5-50


Displaying
All

Device

VLANs,

page
5-49
Configuring
ACE

Module

and

Appliance

Role-Based

Access
Controls
ANM
provides

an

interface

to

allow

you

to

configure

device

Role-Based

Access

Control

(RBAC)

on

the
device
only.

The

RBAC

feature

applies

to

ACE

modules

and

appliances

only

and

is

applicable

only

on
the
device

and

is

not

enforced

by

ANM.

If

you

want

to

set

up

a

uthorization

in

ANM,

go

to

Admin

>
Role-Based
Access

Control.
This
section

includes

the

following

topics:


Configuring
Device

RBAC

Users,

page
5-53


Configuring
Device

RBAC

Roles,

page
5-56


Configuring
Device

RBAC

Domains,

page
5-61
Configuring
Device

RBAC

Users
ANM
provides

an

interface

that

allows

you

to

configure

user

access

to

your

device

through

role-based
access
controls

on

the

device

only.

This

configuration

is

applicable

only

on

the

device

and

will

not

be
enforced
by

ANM.
Use
the

Role-Based

Access

Control

feature

to

specify

the

people

that

are

allowed

to

log

onto

a

device.
This
section

includes

the

following

topics:


Guidelines
for

Managing

Users,

page
5-53


Displaying
a

List
of
Device

Users,

page
5-54


Configuring
Device

User
Accounts,
page
5-54


Modifying
Device

User

Accounts,

page
5-55


Deleting
Device
User
Accounts,

page
5-56
Guidelines
for

Managing

Users
Follow
these

guidelines

for

managing

users:


For
users

that

you
create
in
the
Admin

context,

the

default

scope

of

access

is

for

the

entire

ACE.


If
you

do

not


assi

gn

a
role
to
a

new

user,
the
default

user

role

is

Network-Monitor.

For

users

that
you
create

in

other

contexts,

the

default

scope

of

access

is

the

entire

context.


Users
cannot
log
in
until

they

are

associated

with

a

domain

and

a

user

role.