User Groups, Task Groups, And Task Ids - Cisco XR 12000 Series Getting Started Manual

Chapter 3
Configuring General Router Features

User Groups, Task Groups, and Task IDs

The Cisco IOS XR software ensures security by combining tasks a user wants to perform (task IDs) into
groups, defining which router configuration and management functions users can perform. This policy
is enabled by the definition of:

• User groups—Collection of users that share similar authorization rights on a router.
• Task groups—Definition of collection of tasks identified by unique task IDs for each class of action.
• Task IDs—Definition of permission to perform particular tasks; pooled into a task group that is then
  assigned to users.

The commands you can perform are defined by the user groups to which you belong. Within the Cisco
IOS XR software, the commands for a particular feature, like access control lists, are assigned to tasks.
Each task is uniquely identified by a task ID. To use a particular command, your username must be
associated with the appropriate task ID.

The association between a username and a task ID takes place through two intermediate entities, the user
group and task group.

The user group is a logical container used to assign the same task IDs to multiple users. Instead of
assigning task IDs to each user, you can assign them to the user group. Then, you can assign users to that
user group. When a task is assigned to a user group, you can define the access rights for the commands
associated with that task. These rights include "read", "write", "execute", and "notify".

The task group is also a logical container, but it is used to group tasks. Instead of assigning task IDs to
each user group, you assign them to a task group. This allows you to quickly enable access to a specific
set of tasks by assigning a task group to a user group.

To summarize the associations, usernames are assigned to user groups, which are then assigned to task
groups. Users can be assigned to multiple user groups, and each user group can be assigned to one or
more task groups. The commands that a user can execute are all those commands assigned to the tasks
within the task groups that are associated with the user groups to which the user belongs.

Users are not assigned to groups by default and must be explicitly assigned by an administrator.

The following example shows how you can display all task IDs available on the system with the show
task supported command.

RP/0/RP0/CPU0:router# show task supported
bgp
ospf
hsrp
isis
route-map
route-policy
static
vrrp
cef
lpts
iep
rib
multicast
mpls-te
mpls-ldp
mpls-static
ouni
fabric
bundle
network
transport

Cisco IOS XR Getting Started Guide for the Cisco XR 12000 Series Router, OL-24755-01
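
The association chain summarized above (username, user group, task group, task ID) can be modeled for an access review; the following Python is an added example, not Cisco code and not part of the original manual. Usernames, group names and the rights assigned are constructed for illustration (bgp, ospf and static are task IDs from the listing above), and the model assumes rights are recorded per task ID inside each task group.

```python
from collections import defaultdict

# Constructed sample policy. Group names and usernames are hypothetical;
# the model assumes rights are stored per task ID inside each task group.
TASK_GROUPS = {
    "routing-ro": {"bgp": {"read"}, "ospf": {"read"}},
    "bgp-admin": {"bgp": {"read", "write", "execute"}},
    "static-admin": {"static": {"read", "write"}},
}
USER_GROUPS = {"noc": ["routing-ro"], "bgp-ops": ["bgp-admin", "static-admin"]}
USERS = {"alice": ["noc", "bgp-ops"], "bob": ["noc"], "carol": []}


def effective_rights(user):
    """Union of rights per task ID across all of the user's groups."""
    rights = defaultdict(set)
    for ug in USERS.get(user, []):
        for tg in USER_GROUPS.get(ug, []):
            for task_id, access in TASK_GROUPS.get(tg, {}).items():
                rights[task_id] |= access
    return dict(rights)


def is_authorized(user, task_id, access):
    """True if any reachable task group grants `access` on `task_id`."""
    return access in effective_rights(user).get(task_id, set())


def grant_paths(user, task_id, access):
    """Every (user group, task group) chain that grants this right."""
    return [(ug, tg)
            for ug in USERS.get(user, [])
            for tg in USER_GROUPS.get(ug, [])
            if access in TASK_GROUPS.get(tg, {}).get(task_id, set())]


def who_can(task_id, access):
    """Audit helper: all users holding `access` on `task_id`."""
    return sorted(u for u in USERS if is_authorized(u, task_id, access))


if __name__ == "__main__":
    for user in USERS:
        print(user, effective_rights(user) or "no task IDs (no user group)")
    print("write on bgp:", who_can("bgp", "write"), grant_paths("alice", "bgp", "write"))
```

grant_paths shows which group memberships are responsible for a right, which is the question to answer before removing a user from a user group during a least-privilege review.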
