Home

Cisco Systems CRS-1 Series User's Manual

1. OL 5497 01
2. CHAPTER User Administration Application The User Administration Application contains the following tabs and subtabs Users Tab page 4 3 User Groups Tab page 4 3 Task Groups Tab page 4 5 AAA User Tasks Window page 4 6 The router user attributes form the basis of the router operating system administrative model Each router user is associated with the following attributes e User ID ASCII string that identifies the user uniquely across an administrative domain maximum of 253 characters Password stored encrypted maximum of 253 characters List of user groups at least one of which the user is a member thereby enabling attributes such as task IDs The router allows you to configure groups of users and the job characteristics that are common in groups of users All groups must be explicitly assigned to users Users are not assigned to groups by default A user can be assigned to more than one group A user group defines a collection of users who share acommon set of attributes such as access privileges Each user may be associated with one or more user groups The router system provides a collection of user groups whose attributes are already defined The predefined groups include root system root lr sysadmin netadmin operator cisco support The user group root system has root owners as the only members The root system group has predefined authorization that is it has the complete re
3. a task group name and description Configure read write and execute classes for tasks Add delete and inherit task groups from the chosen task group See Figure 4 3 for an example of the Task Groups tab Table 4 3 describes the Task Groups tab fields Figure 4 3 Task Groups Tab F User Administration 6 oe Users UserGroups Task Groups Name Description Task Groups av Task Group Configuration Name Description Tasks Task Groups Task Name Read Write Execute Notify Selected Task Groups Show User Tasks v OK Cancel Apply 98703 0 record entries OL 5497 01 Cisco CRS 1 Series Carrier Routing System Craft Works Interface Configuration Applications Reference Guide E Chapter4 User Administration Application HE AAA User Tasks Window Table 4 3 Task Groups Tab Description Field Description Task Group Configuration Area Name field Allows you to enter a task group name Description field Allows you to enter a description of the task group Tasks table Allows you to enable and disable the following classes for each task read write execute notify Checking the check box for a task enables the class for the task If the check box is unchecked the class is disabled Task Groups area Selected Task Groups list Displays inherited the task groups for this task group Click the Add button to a
4. dd a task group This button opens a Task Groups dialog box allowing you to choose a task group Click Delete to remove a task group from the list AAA User Tasks Window The AAA User Tasks window is opened from the User Administration application The window allows you to display which tasks all users are assigned to and the privileges for each assigned task read write execute and notify See Chapter 2 AAA Application for information on authentication authorization and accounting AAA in the AAA Administration application See Figure 4 4 for an example of the AAA User Tasks Window mi Cisco CRS 1 Series Carrier Routing System Craft Works Interface Configuration Applications Reference Guide OL 5497 01 Chapter4 User Administration Application AAA User Tasks Window W Figure 4 4 AAA User Tasks Window AAA User Tasks 14 Task Name rootlr inventory bgp ospf hsrp isis route map route policy NNNNNRRKISI SIRIRINININISINIS a a v Column Name User Name userA rootlr true true true true 182 record entries 98862 Cisco CRS 1 Series Carrier Routing System Craft Works Interface Configuration Applications Reference Guide OL 5497 01 a 47 Chapter4 User Administration Application W AAA User Tasks Window Cisco CRS 1 Series Carrier Routing System Craft Works Interface Configuration Applications Reference Guide 48
5. example of the Users tab Table 4 1 describes the Users tab fields Table 4 1 Users Tab Description Field Description User Configuration Area User Name field Allows you to enter a username Password Allows to configure the password Password field Allows you to confirm that a password has been configured using the User Administration dialog box Password ellipsis button See Password ellipsis button The field displays asterisks when there is a configured password Allows you to set the password associated with the username using User Administration dialog box You must enter and confirm the password Secret Secret field Secret ellipsis button Allows you to configure the secret password The secret password creates a secure login password Allows you to confirm that a secret password has been configured using the User Administration dialog box See Secret ellipsis button The field displays asterisks when there is a configured secret password Allows you to set the secure password associated with the username using the User Administration dialog box You must enter and confirm the secure password Show Allows you to open the AAA User Tasks window See the AAA User Tasks Window section on page 4 6 for more information on the AAA User Tasks window User Groups Area Selected User Groups list Displays the user groups the username can inherit from Click the Add button to add a user gr
6. in that group A user s task permissions are derived from the task groups associated with the user groups to which that user belongs See Figure 4 1 for an example of the User Administration application Refer to the Cisco CRS 1 Series Carrier Routing System Craft Works Interface User Interface Guide for information on the common window elements and common activities procedures in the User Administration application Figure 4 1 User Administration Application User Administration 6 nz 2P B20 t Lo Ly Users User Groups Task Groups User Name Password Secret User Groups user_A iii root system Avr x User Configuration User Name user_A Password aee E Secret E User Groups Selected User Groups root system Add Show User Tasks v OK Cancel Apply 1 record entries 98702 Cisco CRS 1 Series Carrier Routing System Craft W orks Interface Configuration Applications Reference Guide 42 OL 5497 01 _Chapter 4 User Administration Application Users Tab Users Tab W Each user is identified by a username that is unique across the administrative domain Each user must be a member of at least one user group Deleting a user group may orphan the users associated with that group The Users tab allows you to perform the following tasks Set the password for a username Assign a username to user groups See Figure 4 1 for an
7. oup This button opens a User Groups dialog box allowing you to choose a user group Click Delete to remove a user group from the list User Groups Tab User groups are configured with the parameters for a set of users such as task groups You can add and remove specific user groups The User Groups tab allows you to perform the following tasks Specify a user group name and description Add and delete user groups from the selected user group Add and delete task groups from the selected user group See Figure 4 2 for an example of the User Groups tab Table 4 2 describes the User Groups tab fields OL 5497 01 Cisco CRS 1 Series Carrier Routing System Craft Works Interface Configuration Applications Reference Guide jg Chapter4 User Administration Application W User Groups Tab Figure 4 2 User Groups Tab F User Administration 6 LE LEE LLEETE Hy Uy fe ia Users User Groups Task Groups Name Description User Groups Task Groups av User Group Configuration Name Description User Groups Task Groups Selected User Groups Selected Task Groups Show User Tasks v OK Cancel Apply 0 record entries 98704 Table 4 2 User Groups Tab Description Field Description User Group Configuration Area Name field Allows you to enter a user group name Description field Allows you to enter a description of the user group User Groups Area Selec
8. sponsibility for root owner managed resources and certain responsibilities in other logical routers LRs Authorization is enabled by default for root system users in any LR Refer to the Configuring AAA Services on Cisco IOS XR module of the Cisco IOS XR System Security Configuration Guide for detailed information on the predefined user groups Users can configure their own user groups to meet particular needs OL 5497 01 Cisco CRS 1 Series Carrier Routing System Craft Works Interface Configuration Applications Reference Guide my Chapter4 User Administration Application Router control configure or monitor operational tasks are represented by task IDs A task ID defines the permission to execute an operation Users are associated with sets of task IDs a task group that define their authorized access to the router Task IDs are assigned to users through the following means Each user is associated with one or more user groups Every user group is associated with one or more task groups In turn every task group is defined by a set of task IDs A user s association with a particular user group links that user to a particular set of task IDs A user associated with a task ID can execute any of the operations associated with that task ID A task group is defined by a collection of task IDs Task groups contain task ID lists for each class of task IDs Each user group is associated with a set of task groups applicable to the users
9. ted User Displays the user groups the user group is associated with Groups list Click the Add button to add a user group This button opens a User Group dialog box allowing you to choose a user group Click Delete to remove a user group from the list Task Groups Area Selected Task Displays the task groups the user group is associated with Groups isi Click the Add button to add a task group This button opens a Task Group dialog box allowing you to choose a task group Click Delete to remove a task group from the list Cisco CRS 1 Series Carrier Routing System Craft W orks Interface Configuration Applications Reference Guide 44 OL 5497 01 _Chapter 4 User Administration Application Task Groups Tab W Task Groups Tab Task based authorization employs the concept of a task ID as its basic element A task ID defines the permission to execute an operation for a given user Each user is associated with a set of permitted router operation tasks identified by task IDs Users are granted authority by being assigned to user groups that are in turn associated with task groups Each task group is associated with one or more task IDs selected from the router set of available task IDs The first configuration task in setting up the router authorization scheme is to configure the task groups followed by user groups followed by individual users The Task Groups tab allows you to perform the following tasks Specify

Cisco Systems CRS-1 Series User's Manual

Contents

Download Pdf Manuals

Related Search

Related Contents