DOMAIN
NETWORK
SERVER
STORAGE
By default the local admin has all 4 roles, which gives RW in all 4 areas. When creating a local user, you have to define a role or multiple roles.
In Cisco ACS we can do the same by issuing "autocmd" in a custom attribute for the shell profile. If you list ALL 4 of the above roles, you will gain RW access for all 4 roles,
e.g.
autocmd=domain
autocmd=network
autocmd=server
autocmd=storage
If you don't define a role, you get "RO" access to that role's function. Also, you don't need the mistaken hp-vc-mgmt attribute in Cisco ACS 5.X.
Here are a few snapshots and screen views of the landing page when you log in and the permissions you have.
e.g. ( all 4 roles )
Cisco ACS
HP-VC landing page ( see the roles defined on the left and the manage/view columns, RW/RO )
( just 2: domain + network )
Cisco ACS
HP-VC landing page
And finally, if we define "NO" roles we will get RO.
HP-VC landing page when we have nothing defined.
So that's how you do it. Keep in mind you control roles defined via the autocmd and custom attributes in the shell profile.
I haven't yet figured out a means of issuing a "show user *" cmd for the current remote-user and the role access in HP-VC version "v4.45".
Also, if you make any typo in the custom attribute, you can brick that access. So 1> ensure the role is correct 2> use lower case 3> don't string the roles together.
If you have a typo, or mixed or upper case, this is what happens:
( Cisco ACS autocmd with an intentional typo in the form of uppercase )
( And now the HP Virtual Connect falls back to RO for the roles that were not defined correctly )
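The three rules above can be checked before a shell profile is saved. The following is an added example, not code from the original post, HP or Cisco; the function name, the `name=value` input form and the sample profile are assumptions, and the RW/RO outcome it reports only models the behaviour described in this post.

```python
import re

# The four Virtual Connect roles named in the post.
VC_ROLES = ("domain", "network", "server", "storage")

def check_shell_profile(attributes):
    """Check ACS shell-profile custom attributes given as 'name=value' strings.

    Returns (access, problems): the access each role would end up with under
    the behaviour the post describes, and a message for each rejected entry.
    """
    access = {role: "RO" for role in VC_ROLES}  # a role not granted stays RO
    problems = []
    for raw in attributes:
        name, eq, value = raw.partition("=")
        if not eq or name != "autocmd":
            problems.append(f"{raw!r}: expected the form autocmd=<role>")
            continue
        if value in VC_ROLES:
            access[value] = "RW"  # exact lower-case match grants RW
            continue
        # Work out why the value was not accepted.
        parts = [p for p in re.split(r"[,;\s]+", value) if p]
        if len(parts) > 1:
            problems.append(f"{raw!r}: roles strung together, use one autocmd per role")
        elif parts and parts[0].lower() in VC_ROLES:
            problems.append(f"{raw!r}: role must be written exactly as {parts[0].lower()!r}")
        else:
            problems.append(f"{raw!r}: unknown role, expected one of {', '.join(VC_ROLES)}")
    return access, problems

# Constructed sample profile: one good entry, one upper-case typo, one strung entry.
SAMPLE_PROFILE = ["autocmd=domain", "autocmd=Network", "autocmd=server,storage"]

if __name__ == "__main__":
    access, problems = check_shell_profile(SAMPLE_PROFILE)
    for role in VC_ROLES:
        print(f"{role:8} {access[role]}")
    for msg in problems:
        print("PROBLEM:", msg)
```
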
Ken
NSE ( network security expert) and Route/Switching Engineer
kfelix -----a----t---- socpuppets ---dot---com
^ ^
=( @ @ )=
o
/ \