< Day Day Up > |
The CSA MC server automatically employs role-based access control (RBAC) through the VMS user management policy. Every user who wants to use the CSA MC component must first log in to the VMS server with a username and password. Users are granted certain rights to the CSA MC through inheritance from the VMS user database. The CSA MC server has additional administrator controls beyond the basic inherited VMS rights, which you learn about in the next sections. Inherited VMS Administrative RightsRights inherited by the CSA MC from VMS are directly related to the VMS administrative rights. To configure a new VMS administrator user ID, you need to open the Server Configuration drawer in the VMS application. From there, choose Setup > Security. You should see several options related to authentication and user configuration, as follows:
To effectively add a user with the correct inherited rights, you must understand how the various roles map into CSA MC administrative roles. Here are the CSA MC administrative roles:
CSA MC Administrative ControlBeyond the administrative rights mapping provided by the CiscoWorks VMS server, the CSA MC can further control the access an administrator has to certain objects. NOTE You must have configure rights on the CSA MC to edit the Admin Access Control parameters. To configure restricted access to an administrator account, follow these steps and refer to Figure 14-9:
Figure 14-9. CSA MC Admin Access Control ConfigurationNOTE You can only limit administrators with monitor rights to a limited view by group. You cannot limit any of the other administrative types to only configure portions of the database. When an administrator has write access, the administrator has write access to the entire CSA MC database. Administrative PreferencesWhile you are still in the Admin Preferences page, it is a perfect time to see what administrative efficiencies can be gained by setting preferences. CSA MC administrators can simplify their view throughout the MC by setting preferences that will follow their management session. If you are running the enterprise-wide deployment of CSA in your network but have only Linux systems, you would not want to see all Solaris- and Windows-configurable options. The way you limit your view is through administrative preferences. NOTE The administrative user ID you are logged in as always displays in the lower-right corner of every CSA MC screen. You can access the following four predefined preferences:
This section looks more closely at the Basic Windows administrative preference to better understand what this configurable item provides you. Choose Basic Windows to see a page similar to Figure 14-10. The following options are available:
Figure 14-10. Admin Preferences Configuration Page |
< Day Day Up > |