18-6 User Guide for the Cisco Application Networking Manager 5.2 OL-26572-01
Chapter 18 Administering the Cisco Application Networking Manager
Controlling Access to Cisco ANM


Organization users—Users who work for the customer of a service provider or AAA server that segments your users and to whom you want to grant access to ANM. Organization users automatically have their access limited to the organization to which they belong.

Related Topics
Configuring User Authentication and Authorization, page 18-9
Managing User Accounts, page 18-17
Using an AAA Server for Remote User Authentication and Authorization, page 18-38

Understanding Roles
Roles in ANM are defined by the system administrator. Roles are specified in terms of resource types and operations privileges. For each role, the system administrator specifies which resource types a role can work with and what operations a role can perform on each resource type.

When users are created, they are assigned at least one system role and inherit the operations privileges specified for each of the resource types assigned to that role.

The options a user sees in the menu are filtered according to that user’s role (see the “Displaying User Roles and Associated Tasks and ANM Menu Privileges” section on page 18-28).

Roles can be applied to both default and organization users. All users are strictly limited by the combination of their operations privileges and user access. For example, a user cannot create another user who has greater privileges or access.

Related Topics
Configuring User Authentication and Authorization, page 18-9
Managing User Accounts, page 18-17
Managing User Roles, page 18-25

Understanding Operations Privileges
Operations privileges define what users can do in the designated resource types. For example, each command and function on ANM has an assigned privilege. If a user’s privileges are not sufficient, the command or function will not be available to them. The following operations privileges can be granted:

No Access—The user has no access to this command or function.
Note: If a user is configured with no access to virtual contexts, it means absolutely no access to them. The most a user with this access can do is activate or suspend real servers.

View—Allows the user to view statistics and specify parameter collection and threshold settings. Gives the user read-only or view access to system objects and information.

Modify—Allows the user to change the persistent information associated with system objects, such as an organization record, or configuration.

Debug—Gives the user read-only or view access to system objects and information.
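
The rule stated under Understanding Roles (a user cannot create another user who has greater privileges or access), modelled as a check over the operations privileges listed above. This is an added example, not ANM code: the privilege ordering, the highest-privilege-wins merge across roles, the same-organization test, the resource type names, and the Role, User and escalations names are all assumptions.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional

class Privilege(IntEnum):
    # Names come from the list above; this ordering is an assumption.
    NO_ACCESS = 0
    VIEW = 1
    MODIFY = 2
    DEBUG = 3

@dataclass
class Role:
    name: str
    privileges: dict  # resource type -> Privilege; unlisted types mean NO_ACCESS

@dataclass
class User:
    name: str
    roles: list
    organization: Optional[str] = None  # None models a default (non-organization) user

    def effective(self, resource_type):
        # Assumption: with several roles, the highest privilege per resource type applies.
        return max((r.privileges.get(resource_type, Privilege.NO_ACCESS) for r in self.roles),
                   default=Privilege.NO_ACCESS)

def escalations(creator, new_user):
    """Return the reasons a creation request must be refused (empty list = allowed)."""
    problems = []
    # Access: an organization user may only create users inside the same organization.
    if creator.organization is not None and new_user.organization != creator.organization:
        problems.append(f"access: {new_user.organization or 'default'} is outside {creator.organization}")
    # Privileges: compare every resource type the new user's roles mention.
    for rtype in sorted({t for r in new_user.roles for t in r.privileges}):
        want, have = new_user.effective(rtype), creator.effective(rtype)
        if want > have:
            problems.append(f"{rtype}: {want.name} exceeds creator's {have.name}")
    return problems

# Constructed sample data: resource type names and accounts are illustrative.
org_admin = Role("org-admin", {"user": Privilege.MODIFY, "virtual_context": Privilege.VIEW})
operator = Role("operator", {"virtual_context": Privilege.VIEW})
tuner = Role("tuner", {"virtual_context": Privilege.MODIFY})
alice = User("alice", [org_admin], organization="acme")

if __name__ == "__main__":
    for candidate in (User("bob", [operator], "acme"), User("carol", [tuner], "acme"),
                      User("dave", [operator], "globex")):
        print(candidate.name, escalations(alice, candidate) or "allowed")
```

Running the same check when a role is edited or reassigned, not only when a user is created, covers escalation through later changes.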