Cisco Headend Digital Broadband Delivery System
Chapter 1 System Defaults and Access Control
4
4034689 Rev A
Role-Based Access Control
We have implemented role-based access control (RBAC) as part of the DNCS, RNCS,
and Application Server operating systems. This access control allows system
administrators to assign specific administrative control of parts of the operating
system to users.
and Application Server operating systems. This access control allows system
administrators to assign specific administrative control of parts of the operating
system to users.
Important: You cannot log in directly or remotely to the DNCS, the RNCS, or the
Application Server as the dncs user. You cannot log in remotely to the DNCS as the
root user. You will need to set up individual user accounts for everyone who uses
the DNCS, including support personnel and third-party applications. See User
Account Defaults (on page 8) for more information.
Application Server as the dncs user. You cannot log in remotely to the DNCS as the
root user. You will need to set up individual user accounts for everyone who uses
the DNCS, including support personnel and third-party applications. See User
Account Defaults (on page 8) for more information.
Roles and Accounts Available on the DNCS, the RNCS, and the Application
Server
Server
This section describes the roles and accounts available on the DNCS, RNCS, and
Application Server.
Application Server.
Roles
dncs Role — The dncs role is the application administrator and user.
Important: You cannot log in directly or remotely to the system as the dncs user.
Important: You cannot log in directly or remotely to the system as the dncs user.
dbreader Role — DNCS Database Read-Only Role. This role can be used by
remote clients to access the DNCS database in a read-only mode. For example,
third-party scripts that run without dncs privileges can be authorized to assume
the dbreader role so they can access the DNCS database in a read-only mode.
Important: You cannot log in directly to the DNCS using “dbreader” and the
dbreader role password.
remote clients to access the DNCS database in a read-only mode. For example,
third-party scripts that run without dncs privileges can be authorized to assume
the dbreader role so they can access the DNCS database in a read-only mode.
Important: You cannot log in directly to the DNCS using “dbreader” and the
dbreader role password.
Accounts
root User — The root user is the system administrator account and has all
privileges and rights except for access to the DNCS Web User Interface (WUI).
Important: You cannot log into the DNCS remotely as the root user. However,
you can log in at the DNCS console and at the ALOM port as the root user.
privileges and rights except for access to the DNCS Web User Interface (WUI).
Important: You cannot log into the DNCS remotely as the root user. However,
you can log in at the DNCS console and at the ALOM port as the root user.
DNCS Administrator — DNCS Administrator accounts are the only system
accounts (other than root) that have permission to switch to the dncs role. These
users have access to the DNCS Administrative Console.
accounts (other than root) that have permission to switch to the dncs role. These
users have access to the DNCS Administrative Console.
DNCS Operator — DNCS Operator accounts can be used on the system only to
view logs and other application files.
view logs and other application files.
Regular Users — Regular User accounts do not have permission to view
application logs or other application files. You can change a regular user to a
application logs or other application files. You can change a regular user to a