Specifications

ManualsBrandsHP ManualsComputer equipment3350 - Cisco NAC Appliance

611

612

613

614

615

616

617

618

619

620

14-50

Cisco NAC Appliance - Clean Access Manager Configuration Guide

OL-28003-01

Chapter 14 Administering the CAM

Admin Users

Step 6 Set the access options next to each individual Clean Access Server as no access, view only, add-edit, or

local admin. This allows you to restrict access to the individual Clean Access Server for a specified

administrator group, enable an administrator group to view permissions on the individual Clean Access

Server, and even tailor access to provide an administrator group full control over one or more Clean

Access Servers (including delete/reboot capabilities).

Note When a Clean Access Server option is set to no access, the members of the administrator group

can still see the specified server in the Device Management > CCA servers > List of Servers

page, but they cannot manage, disconnect, reboot or delete the server.

Step 7 Select group access privileges of hidden, read only, add-edit, or full control for each individual module

or submodule. This allows you to limit the Clean Access Server modules and submodules available to a

specified administrator group and tailor administrative control over modules and/or submodules for the

specified administrator group.

Note When a submodule option is set to hidden, the members of the administrator group can still see

the given submodule in the left-hand web console pane, but the text is “greyed out” and they

cannot access that submodule.

Step 8 Click Create Group to add the group to the Admin Groups list.

You can edit the group later by clicking the Edit icon next to the group in the list. To delete the group

click the Delete icon next to the group. Users in an admin group are not removed when the group is

deleted, but are assigned to the default Read-Only Admin group.

Note If an administrator changes the permissions of a particular admin group by editing the admin group, the

administrator must remove all admin users belonging to that group since the new permissions will only

be effective from the next login.

Admin Users

Note The default admin user is in the default Full-Control Admin group and is a special system user with

full control privileges that can never be removed from the Clean Access Manager. For example, a

Full-Control user can log in and delete his/her own account, but one cannot log in as user admin and

delete the admin account.

Admin users are classified according to Admin Group. The following general rules apply:

• All admin users can access the Administration > Admin Users module and change their own

passwords.

• Features that are not available to a level of admin user are simply disabled in the web admin console.

• Read-Only users can only view users, devices, and features in the web admin console.

• Add-Edit users can add and edit but not remove local users, devices, or features in the web admin

console. Add-Edit admin users cannot create other admin users.