18-25
User
Guide

for

the

Cisco

Application

Networking

Manager

5.2
OL-26572-01
Chapter
18






Administering

the

Cisco

Application

Networking

Manager
Managing
User

Roles
Managing
User

Roles
You
use

the

Roles

Management

feature

to

add,

modify,

and

delete

user-defined

roles

and

to

modify
predefined
roles.A

user’s

role

determines

the

tasks

the

user

can

access.

Each

role

is

associated

with
permissions
or

rules

that

define

what

feature

access

this

role

contains.

For

example,

if

you

design

a

role
that
provides

access

to

virtual

servers,

the

role

automatically

includes

access

to

all

real

servers

that

could
be
included

i

n

the

vi

rtual

server.
ANM
provides

several

predefined

user

roles

that

you

can

modify

but

not

delete.

For

more

information
about
predefined

user

roles,

including

the

list

of

the

predefined

user

roles,

see

the

“Understanding
Predefined
Roles”

section

on

page

18-26 .
This
section

includes

the

following

topics:


Guidelines
for

Managing

User

Roles,

page
18-25


Understanding
Predefined

Roles,

page
18-26


Displaying
User

Role

Relationships,

page
18-27


Displaying
User

Roles

and

Associated

Tasks

and

ANM

Menu

Privileges,
page
18-28


Creating
User

Roles,

page
18-29


Duplicating
a
User

Role,

page
18-31


Modifying
User

Roles,

page
18-31


Deleting
User
Roles,

page
18-32
Guidelines
for

Managing

User

Roles
This
topic

includes

the

following

guidelines:


System
Administrators

can

view

and

modify

all
roles.


Organization
administrator
users

can

onl

y

see

and

modify

the

users,

roles,

and

domains

i

n
their
organization.


Other
users

can

only
view
the

user,

roles,

and

domains

assigned

to
them.


User-defined
roles

can

be

created

but

follow

strict

rules

about
which
tasks
can

be

selected

or
deselected.
See

the

user

interface

for

specific

dependencies

or

the

“Displaying

User

Roles

and
Associated
Tasks

and

ANM

Menu

Privileges”

section

on

pa

ge

18-28

for

role

to

task

mapping
information.


You
must

have

the

ability

to

create

real

servers

in

your
role
and

at

least

one

virtual

context

in

your
domain
before

you

can

create

real

servers.


You
must

have

the

ability

to

create

virtual

contexts

in

your
role
and

an

Admin
context
in
your
domain
before

you

can

create

virtual

contexts.


If
you

upgr

ade

t

o

ANM

2.2

any

custom

rol

es

that
are
mi

grated

retain

their
associations
but
have
different
role

definitions.

We

encourage

you

to

use

the

ANM

2.2

predefined

default

roles.