18-41
User
Guide

for

the

Cisco

Application

Networking

Manager

5.2
OL-26572-01
Chapter
18






Administering

the

Cisco

Application

Networking

Manager
Using
an

AAA

Server

for

Remote

User

Authentication

and

Authorization
Step
3
Create
a

domain
for
an

RBAC
user

(ANM)
Note
Your
user

rol

e
determines
whether
you
can

use

this

opt

ion.
A
domain
defines
which

objects

that

the

RBAC

user

will

have

access
to.

The
assigned
role

defines

which

actions

that

user

will

be

able

to

perform

on

those
objects.
To
configure

a

domain

for

an

RBAC

user,

do

the

following:
a.
Choose
Admin
>

Role-Based

Access

Control

>

Organization

>

Domains.
The
Domains

table

appears.
b.
In
the

Domains

table,

click
Add.
c.
For
the

new

domain,

enter
the
attributes
as

de

scribed

in
Ta
b

l

e
18-10
.
Not
e
If
you
check

the

Allow

All

checkbox,
this

selection

enables

all
objects
within

this

domain

(current

and

future

objects).

If

you

leave
this
check

box

unchecked,

the

Objects

tree

displays.

To

allow

a

user
to
have

access

t

o

the

entire

context,

highlight

t

he

Virtual

Contexts
folder
in

the

Objects

tree,

locate

the

specific

user

context,

and

then
click
the

arrow

to

send

it

to

the

Selected

box.

The

context

name
format
is

<chassis-name>:<slot-number>:<context-name>
d.
Click
Save
when
all

the

objects

that

you

want

to

allow

access

to

are

listed
in
the

Selected

box.
See
the

“Creating

a

Domain”

section

on

pa

ge

18-34

for

details

on

this
procedure.
Step
4
Create
an

organization

user
(ANM)
Note
Your
user

rol

e
determines
whether
you
can

use

this

opt

ion.
Organization
users

are

users

who

work

for

the

customer

of

a

service

provider

or
AAA
server

that

segments

your

users

and

to

whom

you

want

to

grant

access

to
ANM.
Do
the

following:
a.
Choose
Admin
>

Role-Based

Access

Control

>

Organization

>

Users.
The
Users

window

appears.
b.
In
the

Users

window,

click
Add.
c.
Enter
the

attributes

as

described

in
Ta
b

l

e
18-5
.
Include

the

following
organization
user

attributes:


Login

name


Predefined

role


Domains

to

which

this

user

belongs
d.
Click
Save.
The

Users

table

appears.
See
the

“Creating

User

Accounts”

section

on

page

18-19

for

details

on

this
procedure.
Table
18-11
Authenticating
ANM

Users

with

a

TACACS+

Server

(continued)
Task
Procedure