Cisco Systems CSACS3415K9 Computer Accessories User Manual
16-6
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter 16 Managing System Administrators
Understanding Roles
Note At first login, the Super Admin role is the only role that is assigned, and it is assigned to a single administrator account.
Related Topics
Administrator Accounts and Role Association
Creating, Duplicating, Editing, and Deleting Administrator Accounts
Changing Role Associations
By design, all roles in ACS are predefined and cannot be changed; you cannot create roles or edit their privileges. The only
thing you can change is the role association, that is, which administrator holds which role. Because a change in
association affects the authorization status of the entire system, only administrators holding the Super Admin or
SecurityAdmin role have the privilege to change role associations.
Changes in role associations take effect only after the affected administrators log out and log in again. ACS reads the
role associations at login and applies them to that session, so an administrator who is already logged in keeps the roles
that were in effect when the session started.
Note Assign the Super Admin and SecurityAdmin roles sparingly, because either role can change any role association and
therefore the authorization state of the whole system.
Administrator Accounts and Role Association
An administrator account definition consists of a name, status (enabled or disabled), description, e-mail address,
password, and role assignment.
Note Create a separate administrator account for each person and do not share accounts. Operations are recorded in the
audit log under the account that performed them, so one account per person keeps each action attributable.
Administrators are authenticated against the internal database only.
You can edit and delete existing accounts. However, the web interface displays an error message if you attempt to delete
or disable the last super administrator, so you cannot lock yourself out of role and account management.
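The following is an added example, not Cisco ACS code, that models the rules stated in the two preceding sections (predefined roles only, role associations changeable only by Super Admin or SecurityAdmin, changes applied at the next login, and refusal to disable or delete the last Super Admin). The class and method names, the sample accounts, and the choice to require the same two roles for account definition are assumptions made for illustration.

```python
"""Added example: reference model of ACS administrator role-association rules.
Not Cisco ACS code; names and the sample accounts are assumptions."""
from dataclasses import dataclass

# Roles are predefined by design; the set cannot be extended at runtime.
PREDEFINED_ROLES = frozenset({"SuperAdmin", "SecurityAdmin", "SystemAdmin", "UserAdmin"})
# Only holders of these roles may change which administrator holds which role.
ROLE_ASSOCIATION_ROLES = frozenset({"SuperAdmin", "SecurityAdmin"})


class AuthorizationError(Exception):
    """The acting session lacks a role required for the operation."""


class LastSuperAdminError(Exception):
    """Refused: the target is the last enabled Super Admin (lock-out guard)."""


@dataclass
class Administrator:
    name: str
    roles: set
    enabled: bool = True


@dataclass(frozen=True)
class Session:
    """Roles are snapshotted at login; a later association change is not
    visible to this session, only to the next login."""
    admin_name: str
    roles: frozenset


class AdminStore:
    """Internal database of administrator accounts (hypothetical API)."""

    def __init__(self):
        self._admins = {}

    @staticmethod
    def _check_roles(roles):
        unknown = set(roles) - PREDEFINED_ROLES
        if unknown:
            raise ValueError(f"roles are predefined; unknown: {sorted(unknown)}")
        return set(roles)

    def create(self, name, roles):
        self._admins[name] = Administrator(name, self._check_roles(roles))

    def login(self, name):
        admin = self._admins[name]
        if not admin.enabled:
            raise AuthorizationError(f"{name} is disabled")
        return Session(name, frozenset(admin.roles))  # associations read at login

    def _require(self, actor, allowed):
        if not actor.roles & allowed:
            raise AuthorizationError(f"{actor.admin_name} needs one of {sorted(allowed)}")

    def _is_last_super_admin(self, target):
        enabled = [a for a in self._admins.values() if a.enabled and "SuperAdmin" in a.roles]
        return len(enabled) == 1 and enabled[0].name == target

    def set_roles(self, actor, target, roles):
        self._require(actor, ROLE_ASSOCIATION_ROLES)
        roles = self._check_roles(roles)
        # Assumption: removing SuperAdmin from the last Super Admin is treated
        # like disabling it, since the effect on the system is the same.
        if "SuperAdmin" not in roles and self._is_last_super_admin(target):
            raise LastSuperAdminError(target)
        self._admins[target].roles = roles

    def disable(self, actor, target):
        self._require(actor, ROLE_ASSOCIATION_ROLES)  # assumed requirement
        if self._is_last_super_admin(target):
            raise LastSuperAdminError(target)
        self._admins[target].enabled = False

    def delete(self, actor, target):
        self._require(actor, ROLE_ASSOCIATION_ROLES)  # assumed requirement
        if self._is_last_super_admin(target):
            raise LastSuperAdminError(target)
        del self._admins[target]


def demo():
    """Walk through the rules on constructed sample accounts; returns the outcomes."""
    store = AdminStore()
    store.create("acsadmin", {"SuperAdmin"})      # constructed sample data
    store.create("netops", {"SystemAdmin"})
    root, ops = store.login("acsadmin"), store.login("netops")
    out = {}
    try:                                          # SystemAdmin cannot change associations
        store.set_roles(ops, "netops", {"SuperAdmin"})
        out["sysadmin_escalated"] = True
    except AuthorizationError:
        out["sysadmin_escalated"] = False
    store.set_roles(root, "netops", {"SystemAdmin", "UserAdmin"})
    out["stale_session_roles"] = set(ops.roles)   # unchanged until netops logs in again
    out["relogin_roles"] = set(store.login("netops").roles)
    try:                                          # last Super Admin cannot be disabled
        store.disable(root, "acsadmin")
        out["last_super_admin_disabled"] = True
    except LastSuperAdminError:
        out["last_super_admin_disabled"] = False
    store.create("backup-admin", {"SuperAdmin"})  # a second Super Admin lifts the guard
    store.disable(root, "acsadmin")
    out["disabled_after_backup"] = not store._admins["acsadmin"].enabled
    return out
```

The stale-session behaviour in `demo()` is the point to remember operationally: revoking a role from a logged-in administrator does nothing until that person logs out, so an urgent revocation also needs the session ended.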
Table 16-1 Predefined Role Descriptions (continued)

Role          Privileges
SystemAdmin   Intended for administrators responsible for ACS system configuration and operations.
              This role has the following permissions:
              - Read and write permissions on all system administration activities except for account definition
              - Read and write permissions on ACS instances
UserAdmin     Intended for administrators who are responsible for adding, updating, or deleting entries in the
              internal ACS identity stores, which include internal users and internal hosts.
              This role has the following permissions:
              - Read and write permissions on users and hosts
              - Read permission on identity groups (IDGs)