18-5
User Guide for the Cisco Application Networking Manager 5.2
OL-26572-01
Chapter 18 Administering the Cisco Application Networking Manager
Controlling Access to Cisco ANM

The following is an example of RBAC containment. All other user interfaces, such as configuration and monitoring, respect this role-based access control policy:

- Roles limit the screens (or functions on those screens) that a user can see.
- Domains limit the objects that are listed on any window that the roles allow.
- Users (other than the system administrator) can only create subdomains of the domains to which they are assigned.
- The system administrator user can see and modify all objects. All other users are subject to the role-based access controls illustrated in Figure 18-1.
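
The containment rules listed above can be sketched as a small model. This is an added example, not code from ANM or from this guide; the function names (`monitor`, `configure`), the object names and the user-to-domain assignments are constructed for illustration.

```python
# Added example: conceptual model only, not ANM code. Function names, object
# names and the user-to-domain assignments are constructed for illustration.
from dataclasses import dataclass, field

@dataclass
class Role:
    name: str
    functions: frozenset          # screens/functions this role may see

@dataclass
class User:
    name: str
    role: Role
    domains: dict = field(default_factory=dict)   # domain name -> set of objects
    is_sysadmin: bool = False

def visible_objects(user, function, inventory):
    """Role gates the screen; domains gate which objects are listed on it."""
    if user.is_sysadmin:
        return set(inventory)                     # sees all objects
    if function not in user.role.functions:
        return set()                              # screen not allowed by role
    in_domains = set().union(*user.domains.values())
    return in_domains & set(inventory)

def create_subdomain(user, parent, name, objects):
    """Non-admin users may only create subdomains of domains assigned to them."""
    objects = set(objects)
    if not user.is_sysadmin:
        if parent not in user.domains:
            raise PermissionError(f"{user.name} is not assigned to {parent!r}")
        if not objects <= user.domains[parent]:
            raise PermissionError(f"{name!r} would exceed {parent!r}")
    user.domains[name] = objects
    return objects

INVENTORY = {"east-1", "east-2", "central-1", "west-1"}
WEB_ADMIN = Role("Web server administrator", frozenset({"monitor", "configure"}))
user_a = User("User A", WEB_ADMIN, {"East Coast servers": {"east-1", "east-2"}})
user_c = User("User C", WEB_ADMIN, {"West Coast servers": {"west-1"}})
admin = User("admin", Role("system administrator", frozenset()), is_sysadmin=True)

if __name__ == "__main__":
    print(sorted(visible_objects(user_a, "monitor", INVENTORY)))
    print(sorted(visible_objects(user_a, "user-management", INVENTORY)))
    print(sorted(visible_objects(admin, "user-management", INVENTORY)))
    print(create_subdomain(user_a, "East Coast servers", "East DMZ", {"east-1"}))
```
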

Related Topics

- Types of Users, page 18-5
- Understanding Roles, page 18-6
- Understanding Operations Privileges, page 18-6
- Understanding Domains, page 18-7
- Understanding Organizations, page 18-7
- Managing User Accounts, page 18-17

Types of Users

Two types of users configure and monitor the ANM system:

- Default users—Individuals associated with the data center or IT department where ANM is installed. The default administrative account (user ID is admin) is a system user account that is preconfigured on ANM. The default administrative password (admin) is also preconfigured on ANM. You can change the password for the admin user account in the same manner as any other user password (see the “Managing User Accounts” section on page 18-17).

System roles are defined by the system administrator when ANM is first set up. System roles are specified in terms of resource types and operations privileges. For each system role, the system administrator specifies which resource types a role can work with and what operations a role can perform on each resource type.

[Figure: Organization: Webmasters. Domains: East Coast servers, Central servers, West Coast servers. Role: Web server administrator. Users: User A, User B, User C.]

Note: Each association is one-to-many. Because the organization itself is a collection, it is possible for a role to be used in many organizations.