4-45
User Guide for CiscoWorks Common Services
78-16571-01
Chapter 4 Managing Device and Credentials
Implications of ACS Login Module on DCR
Implications of ACS Login Module on DCR
When Common Services is in ACS mode, you can perform operations in Device
and Credential Repository (DCR) based on role assignment in ACS.
See
Setting the Login Module to ACS
for details on ACS login module.
Note
A device in DCR is mapped to a device in ACS based on IP address of that device
in DCR and ACS. If a device in DCR has no IP address, then it's display_name in
DCR is mapped to host-names available in ACS.
In DCR, you can see the buttons enabled or disabled, based on the role assigned
to you.
For example, if a user
U1
is assigned Approver role in ACS, he can see only the
View button enabled in DCR. Further a user can see only those devices in DCR 's
device-selector for which he has
View Devices
task assigned in ACS.
When performing operations in DCR, evensong you select some devices and click
the appropriate button, the operation will not be performed on all selected devices
(unlike in CiscoWorks local mode). This is because the operation will be done
only on those devices for which the you has been assigned required privilege.
For example, a user
U2
is assigned Helpdesk role for device
D1
and System
Administrator role for device
D2
in ACS. Now
U2
is able to select both
D1
and
D2
in DCR. But when the user clicks on Delete, only device
D2
will be deleted.
This is because
U2
has Helpdesk role for
D1
. Helpdesk role does not have Delete
task.
Custom Roles and DCR
You can create new roles in ACS and assign a new combination of tasks to that
role. In ACS, if a Custom role is created, a few points should be considered for
DCR related tasks because certain DCR tasks have interdependencies. If certain
tasks are included in the custom role, there will be other tasks which must also be
assigned to the role to help you carry out the operations successfully.