Troubleshooting guide

ManualsBrandsCisco ManualsComputer equipmentWide Area Virtualization Engine 274

251

252

253

254

255

256

257

258

259

260

1-10

Cisco Wide Area Application Services Configuration Guide

OL-26579-01

Chapter 1 Creating and Managing Administrator User Accounts and Groups

Creating and Managing User Accounts

Note Assigning the admin role to a user does not change the user privilege level to 15. The user must also have

privilege level 15 in order to perform administrative tasks.

Assigning the admin role to a user grants read and write permission to all Device Manager GUI pages.

WAAS can dynamically assign a role to users based on their membership in a group as defined on an

external TACACS+ or Windows domain authentication server. To take advantage of this feature, you

must define user group names on the WAAS Central Manager that match the user groups defined on the

external authentication server and you must assign a role to the user groups on the WAAS Central

Manager. For more information on user groups, see the “Working with User Groups” section on

page 1-17.

Note For user groups authenticated on a TACACS+ server to gain access to the Device Manager GUI, the user

group must be configured with the admin role and the user intending to access the Device Manager GUI

must first log in to the Central Manager, which creates a member account on the Central Manager and

the WAE. Periodically, member accounts of a user group are removed from the Central Manager

database to reduce database load, so after a period (60 days by default) of no Central Manager activity,

a user will need to log in again to the Central Manager before accessing the Device Manager GUI. The

cdm.remoteuser.deletionDaysLimit system property controls the removal interval.

This section contains the following topics:

• Creating a New Role, page 1-10

• Assigning a Role to a User Account, page 1-12

• Modifying and Deleting Roles, page 1-13

• Viewing Role Settings, page 1-13

Creating a New Role

To create a new role, follow these steps:

Step 1 From the WAAS Central Manager menu, choose Admin > AAA > Roles.

The Roles listing window appears.

Step 2 Click the Create New Role icon from the taskbar.

The Creating New Role window appears.

Step 3 In the Name field, enter the name of the role.

The name cannot contain characters other than letters, numbers, period, hyphen, underscore, and space.

Step 4 Check the check box next to the services that you want this role to manage.

The check boxes in this window are tri-state check boxes. When there is a check in the box, it means that

the user will have read and write access to the listed service. Click the check box again to change the

indicator to a square partially filling the check box. This indicator means that the user will have

read-only access to the service. An empty square signifies no access to the service.

To expand the listing of services under a category, click the folder, and then check the check box next to

the services that you want to enable for this role. To choose all the services under one category

simultaneously, check the check box next to the top-level folder for those services.