Cisco Systems OL-11390-01 Network Router User Manual


 
User Guide for Device Fault Manager
OL-11390-01
Chapter 11 Administering DFM (Advanced)
System Administration
Using DFM in ACS Mode
Before performing any tasks that are mentioned here, you must ensure that you have successfully
completed configuring Cisco Secure ACS with the CiscoWorks server. If you have installed DFM after
configuring the CiscoWorks Login Module to the ACS mode, then DFM users are not granted any
permissions. However, the DFM application is registered to Cisco Secure ACS.
CiscoWorks login modules allow you to add new users using a source of authentication other than the
native CiscoWorks server mechanism (that is, the CiscoWorks Local login module). You can use the
Cisco Secure ACS services for this purpose. You can integrate the CiscoWorks server with CiscoSecure
ACS to provide improved access control using Authentication, Authorization, and Accounting.
The following topics provide information on how to use DFM in the ACS mode:
Modifying CiscoWorks Roles and Privileges, page 11-7
Device-Based Filtering, page 11-7
By default, the CiscoWorks server authentication scheme has six roles. They are listed here from least
privileged to most privileged:

Help Desk
    User with this role has the privileges to access network status information from the
    persisted data. User does not have the privilege to contact any device or schedule a
    job that will reach the network.

Approver
    User with this role has the privilege to approve all DFM tasks. User can also perform
    all the Help Desk tasks.

Network Operator
    User with this role has the privilege to perform all tasks that involve collecting data
    from the network. User does not have write access on the network. User can also
    perform all the Approver tasks.

Network Administrator
    User with this role has the privilege to change the network. User can also perform
    Network Operator tasks.

System Administrator
    User with this role has the privilege to perform all CiscoWorks system administration
    tasks. See the Permission Report on the CiscoWorks server (Common Services >
    Server > Reports > Permission Report).

Super Admin
    User with this role has full access rights to perform any CiscoWorks tasks, including
    administration and approval tasks.
    When you integrate your CiscoWorks server with your ACS server, you just need to
    do the following:
    1. Create a System Identity User in ACS.
    2. Assign the Super Admin role to the user for all CiscoWorks applications.
    You need not create a custom role with all the privileges and assign that role to the
    user. You can assign this role to a user only on the CiscoSecure ACS server and only
    when the login module is set to ACS. This role is not visible in CiscoWorks local
    mode and during the local user setup in the CiscoWorks server.

Cisco Secure ACS allows you to modify the privileges to these roles. You can also create custom roles
and privileges that help you customize Common Services client applications to best suit your business
workflow and needs.
To modify the default CiscoWorks roles and privileges, see Modifying CiscoWorks Roles and Privileges,
page 11-7.