Creating User Accounts - Cisco 4700M Configuration Manual

Chapter 2 Configuring Authentication and Accounting Services

Creating User Accounts

OL-16202-01
Every user associated with a virtual context has account information stored on the
ACE. The authentication information, username, user password, password
expiration date, and user role membership are all stored as part of each user's
profile.
As the ACE global administrator, you can assign one user in each context as the
context administrator. The context administrator can then log in to the context or
contexts on the ACE for which he or she is responsible and create additional users.
If you do not assign a user role to a new user, the default user role is
Network-Monitor. By default, the user is allowed to operate on all domains. For
users that you create in the Admin context, the default scope of access is the entire
device. For users that you create in other contexts, the default scope of access is
the entire context. If you need to restrict a user's access, you must assign a
role-domain pair.
Note the following when assigning a user for a context in the ACE:
The same username can be created across contexts and can be associated with
•
a unique role in a context and multiple domains. A user can have up to ten
domains associated with a unique role in a context.
Virtual contexts can share RADIUS, TACACS+, and LDAP servers; however,
•
the user must be explicitly authenticated for each context and use the same
password.
All logged user accounting activities are distinguished in the ACE by the
•
context in which a user has signed in.
For detailed information about creating contexts and user accounts to provide
access to the local database on the ACE for CLI access authentication, see the
Cisco 4700 Series Application Control Engine Appliance Virtualization
Configuration Guide.
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
Creating User Accounts
2-23