Cisco DTA Control System (DTACS) 1.2 Betriebsanweisung
Role-Based Access Control
73
Role-Based Access Control
Prior to the implementation of the Security Enhancements on the DNCS, the dtacs
user account was the only account required to accomplish almost any task associated
with the DNCS system. These tasks include access to the DNCS GUI suite, the DNCS
database, the DNCS file system, diagnostic scripts, logging, and the command line.
user account was the only account required to accomplish almost any task associated
with the DNCS system. These tasks include access to the DNCS GUI suite, the DNCS
database, the DNCS file system, diagnostic scripts, logging, and the command line.
Like DNCS, we have implemented role-based access control as part of the DTACS
operating system. This access control allows system administrators to assign specific
administrative control of parts of the system to users.
operating system. This access control allows system administrators to assign specific
administrative control of parts of the system to users.
You can give users permissions to run certain commands or access to certain files.
You can also prevent users from running commands or accessing files. Role-based
access control allows increased flexibility in the assignment of permissions on the
system.
You can also prevent users from running commands or accessing files. Role-based
access control allows increased flexibility in the assignment of permissions on the
system.
The following table lists the three most important roles and account types available
on the DTACS and a description of their permission levels.
on the DTACS and a description of their permission levels.
Role
Files
Commands Database
Read Write
Execute
Read Write Alter
Root
Y
Y
Y
Y
Y
Y
DTACS Role
Y
Y
Y
Y
Y
N
DTACS
Admin
Account
Admin
Account
Y
N
N
N
N
N
This section is a more detailed description of the roles and accounts available on the
DTACS Server.
DTACS Server.
root User
The root user is the system administrator account and has all privileges and rights.
Login access to the system using the root user is limited to direct local access,
such as from the local console.
such as from the local console.
You can switch to the root user from another account that is logged in locally or
remotely.
remotely.
You must use the root user to create all customer-specific login accounts.
The root user has permission to switch to the dtacs role.
The root user is the database administrator.