|
|
A set of predefined RBAC roles and rules are installed when the SPE software is installed if the RBAC objects are chosen for installation. You can use the predefined roles and rules as models for the roles and rules that your deployment will use. This appendix explains the predefined roles and rules.
The SPE software provides the set of predefined roles described in Table A-1. You can use a predefined role as it exists or use it as a model for creating a similar role with a modified set of privileges.
Each predefined role (see Table A-1) has a corresponding a predefined rule. Table A-2 lists the predefined rules. For example, the ACCOUNT_MANAGER_ROLE is the affected role in the ACCOUNT_MANAGER_RULE. The predefined rules specify the conditions and the resources for the privileges granted by the corresponding role. For the predefined rules (for example, SUBSCRIBER_RULE) where no resources are specified, the service-provider administrator can update the rule and define resources after the RBAC objects are installed.
Two of the predefined rules have resources defined: SELF_MANAGE_RULE and SUPERVISOR_RULE. In both cases, the resources are defined as the Organizational Unit container (for example, ou=sesm, o=cisco) where the CDAT/SPE objects are created. Therefore, the privileges are for all applicable resources in the sesm Organizational Unit of the cisco Organization. The sesm Organizational Unit and cisco Organization are the default values when the SESM software is installed. The installer can change these values during the SPE software installation.
Posted: Mon Dec 16 08:40:54 PST 2002
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.