15-29
Device Manager Guide, Cisco ACE 4700 Series Application Control Engine Appliance
OL-26645-02
Chapter 15 Managing the ACE Appliance
Managing User Roles
Step 6 To alter rules, select changes to any of the following attributes.
Note For a user with a customized role to perform configuration and operation changes from the ACE
Appliance Device Manager, you must configure the role with rules that permit the create operation for
the config-copy and exec-commands features.
Step 7 Click Deploy Now to update the rule for this role.
Related Topics
• Role Mapping in ACE Appliance Device Manager, page 15-19
• Understanding Operations Privileges, page 15-6
• Managing User Roles, page 15-14
Table 15-7 Rule Attributes
Attribute Description
Rule Number The number assigned to this rule.
Permission Permit or deny the specified operation.
Operation Create, debug, modify
1
, and monitor the specified feature.
1. Certain features are not available for certain operations. For modify, the following features cannot be used: Change To
Context, Config-Copy, DHCP, Exec-Commands, NAT, Real Inservice, Routing, and Syslog.
Feature AAA, Access List, Change To Context, Config Copy, Connection, DHCP,
Exec-Commands, Fault Tolerant, Inspect, Interface, Load Balance, NAT,
PKI
2
, Probe, Real Inservice, Routing, Real Server, Server Farm, SSL
2,
3
,
Sticky, Syslog, and VIP.
The Changeto feature allows you to move from the Admin context to
another virtual context and maintain the same role with the same
privileges in the new context that you had in the Admin context.
The Exec-commands feature enables all default custom role commands in
the ACE. The default custom role commands are capture, debug, gunzip,
mkdir, move, rmkdir, tac-pac, untar, write, and undebug.
2. The PKI and SSL features are not available with the ACE NPE software version (see the “Information About the ACE No
Payload Encryption Software Version” section on page 1-2).
3. For all SSL-related operations, a user with a custom role should include the following two rules: A rule that includes the SSL
feature, and a rule that includes the PKI feature.
Comments to this Manuals