User Group Permissions: Task Descriptions
Available Languages
Download Options
Updated:June 6, 2016
Document ID:200474
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Contents
Introduction
This document is intended for Cisco Prime LAN Management Solution (LMS) administrators who want to preserve the user ID and privilege structures used when they converted to Prime Infrastructure.
Prerequisites
Requirements
There are no specific requirements for this document.
Components Used
This document is not restricted to specific software and hardware versions.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
User Group Permissions and Task Description
This table describes user group permissions and task descriptions.
| Task Group Name | Task Name | Description |
| APIC-EM Controller | Apic Global PnP Write Access | Allows user to create or update the Apic Global PnP/Ztd settings |
| APIC-EM Controller | Apic Global PnP Read Access | Allows user to read the Apic Global PnP/Ztd settings |
| APIC-EM Controller | Apic Controller Read Access | Allows user to read APIC-EM controller details |
| APIC-EM Controller | Apic Controller Write Access | Allows user to create or update APIC-EM controller details |
| Administration Menu String Task | Administration Menu Access | Allows user to access all features under the Administration menu. |
| Administrative Operations | Application Server Management Access | Allows user to manage NAM server lists. |
| Administrative Operations | Application and Services Access | Allows user to create, modify, and delete custom applications and services. |
| Administrative Operations | Design Endpoint Site Association Access | Allows user to create Assurance site classification rules. |
| Administrative Operations | Device Detail UDF | Allows user to access Device details UDF |
| Administrative Operations | Export Audit Logs Access | Allows user to access Import Policy Update through Admin Mega menu. |
| Administrative Operations | View Audit Logs Access | Allows user to view Network and System audits. |
| Administrative Operations | Import Policy Update | Allow user to manually download and import the policy updates into the compliance and Audit manager engine |
| Administrative Operations | Appliance | Gives the user access to the Administration > Settings > Appliance menu. |
| Administrative Operations | Health Monitor Details | Allows user to modify Site Health Score definitions. |
| Administrative Operations | High Availability Configuration | Allows user to configure High Availability for pairing primary and secondary servers. |
| Administrative Operations | License Center/Smart license | Allows user to access license center/smart license |
| Administrative Operations | Logging | Gives access to the menu item which allows user to configure the logging levels for the product. |
| Administrative Operations | Scheduled Tasks and Data Collection | Controls access to the screen to view the background tasks. |
| Administrative Operations | System Settings | Controls access to the Administration > System Settings menu. |
| Administrative Operations | User Preferences | Controls access to the Administration > User Preference menu. |
| Advanced search access | Advanced search access | Allows user to define search criteria and view search results |
| Alarm Browser String Task | Alarm Browser Access | Allows user to view alarms and events. |
| Alerts and Events | Troubleshoot | Allows user to do basic troubleshooting, such as traceroute and ping, on alarms. |
| Alerts and Events | Ack and Unack Alerts | Allows user to acknowledge or unacknowledge existing alarms. |
| Alerts and Events | Delete and Clear Alerts | Allows user to clear and delete active alarms. |
| Alerts and Events | Email Notification | Allows user to configure email notification forwarding. |
| Alerts and Events | View Alert condition | Allows user to view a list of events and alarms. |
| Alerts and Events | Alarm Policies Edit Access | Allows user to edit alarm policies. |
| Alerts and Events | Pick and Unpick Alerts | Allows user to pick and unpick alerts |
| Alerts and Events | Alarm Policies | Allows user to access alarm policies |
| Configure Menu String Task | Configure Menu Access | Allows user to access all features under the Configuration menu. |
| Feedback and Support Tasks | TAC Case Management Tool | Allows users to open a TAC case from within Prime Infrastructure. |
| Feedback and Support Tasks | Automated Feedback | Allows access to automated feedback |
| GLOBAL | LOBBY-AMBASSADOR-GLOBAL | Allows user to log in with the Lobby Ambassador role. |
| GLOBAL | MONITOR-LITE-GLOBAL | Allows user to log in with the Monitor Lite role. |
| Groups Management | Add Group Members | Allows user to add an entity, such as a device or port, to groups. |
| Groups Management | Add Groups | Allows user to create groups. |
| Groups Management | Delete Group Members | Allows user to remove members from groups. |
| Groups Management | Delete Groups | Allows user to delete groups. |
| Groups Management | Modify Groups | Allows user to edit group attributes such as name, parent, and rules. |
| Groups Management | Export Groups | Allows user to export groups. |
| Groups Management | Import Groups | Allows user to import groups. |
| Guest User Tasks | Configure Guest Users | Allows user to create, edit, and delete guest user accounts. |
| Guest User Tasks | Lobby Ambassador Defaults Configuration | Allows user to configure guest account defaults for a Lobby Ambassador account. |
| Guest User Tasks | Lobby Ambassador User Preferences | Allows user to set up Lobby Ambassador user preferences. |
| Job Management | Approve Job | Allows user to submit a job for approval by another user. |
| Job Management | Cancel Job | Allows user to cancel the running jobs. |
| Job Management | Delete Job | Allows user to delete jobs from job dashboard. |
| Job Management | Edit Job | Allows user to edit jobs from job dashboard. |
| Job Management | Pause Job | Allows user to pause running and system jobs. |
| Job Management | Run Job | Allows user to run paused jobs and schedule jobs. |
| Job Management | Schedule Job | Allows user to schedule jobs. |
| Job Management | System Jobs Tab Access | Allows user to view System jobs. |
| Job Management | View Job | Allows user to access the Administration > Jobs menu |
| Local Net User Tasks | Configure Local Net Users | Allows user to manage Local Net Users. |
| Maps | Client Location | Allows user to view client locations on Map. |
| Maps | Maps Read Only | Allows user to view the map in a read-only mode. |
| Maps | Maps Read Write | Allows user to view and also manipulate elements within the maps such as AP placement. |
| Maps | Planning Mode | Allows user to launch the planning mode tool. |
| Maps | Rogue Location | Allows user to view rogue AP locations on Map |
| MDNS Policy Admin | mDNS Policy Admin | Allows mDNS Policy Admin user to log in to the mDNS portal. |
| Monitor Menu String Task | Monitor Menu Access | Allow user to access all features under the Monitor menu. |
| Network Configuration | Add Device Access | Allows user to add devices to Prime Infrastructure. |
| Network Configuration | Config Archive Read Task | Allows user to view the archived configurations and schedule configuration archive collection jobs. |
| Network Configuration | Config Archive Read-Write Task | Allows user to perform all configuration archive operations. |
| Network Configuration | Delete Device Access | Allows user to delete devices from Prime Infrastructure. |
| Network Configuration | Deploy Configuring Access | Allows user to deploy Configuration and IWAN templates. |
| Network Configuration | Design Configuration Template Access | Allows user to create Configuration > Shared Policy Object templates and Configuration Group templates. |
| Network Configuration | Device Bulk Import Access | Allows user to perform bulk import of devices from CSV files. |
| Network Configuration | Device View configuration Access | Allows user to configure devices in the Device Work Center. |
| Network Configuration | Edit Device Access | Allows user to edit device credentials and other device details. |
| Network Configuration | Export Device Access | Allows user to export the list of devices, including credentials, as a CSV file. |
| Network Configuration | TrustSec Readiness Assessment | Access to the TrustSec menu which allows users to configure TrustSec in their network. |
| Network Configuration | View Compute Devices | Access to Data Center compute servers and virtual elements such as Hosts and Virtual Machines managed in PI. |
| Network Configuration | Configure ACS View Servers | Allows access to manage ACS View Servers. |
| Network Configuration | Configure Access Points | Allows users to configure access points. |
| Network Configuration | Configure Autonomous Access Point Templates | Allows access to configure Autonomous AP Templates on Prime Infrastructure. |
| Network Configuration | Configure Choke Points | Allows users to Configure Choke Points. |
| Network Configuration | Configure Config Groups | Allows access to Config Groups. |
| Network Configuration | Credential Profile Add_Edit Access | Allows user to Add and edit credential profile |
| Network Configuration | Credential Profile Delete Access | Allows user to delete credential profile |
| Network Configuration | Configure Controllers | Allows users to configure the Wireless Controller features. |
| Network Configuration | Configure Ethernet Switch Ports | Controls access to the config ability when viewing ethernet details in DWC for any device. |
| Network Configuration | Configure Ethernet Switches | Controls access to the config ability when viewing ethernet details in DWC for any device. |
| Network Configuration | Migration Templates | Allows user to create autonomous AP migration templates |
| Network Configuration | Configure ISE Servers | Allows users to manage ISE servers on Prime Infrastructure. |
| Network Configuration | Configure Lightweight Access Point Templates | Allows users to configure Lightweight Access Point Templates on Prime Infrastructure. |
| Network Configuration | Configure Spectrum Experts | Allows users to Configure Spectrum Experts. |
| Network Configuration | Configure Mobility Devices | Allows user to configure the CAS,WIPS,Mobile concierge service, location analytics service, and provide the mobility procedures |
| Network Configuration | Auto Provisioning | Allows access to auto provisioning |
| Network Configuration | Configure Switch Location Configuration Templates | Allow the user to modify Configuration templates |
| Network Configuration | Configure Templates | Allow the user to do the CRUD operation of Feature Templates on DWC and configuration Template |
| Network Configuration | Configure Templates | Allows user to create, read, delete, and update feature and configuration templates in the Device Work Center. |
| Network Configuration | Configure Third Party Controllers and Access Point | Allows users to configure Third Party Controllers and Access Points on Prime Infrastructure. |
| Network Configuration | Configure WIPS Profiles | Allows users to access WIPS Profiles. |
| Network Configuration | Configure WiFi TDOA Receivers | Allows users to configure WiFi TDOA Receivers. |
| Network Configuration | Device WorkCenter | Allows user access to the Device Work Center. |
| Network Configuration | Global SSID Groups | Allows users to configure Global SSID Groups. |
| Network Configuration | Scheduled Configuration Tasks | Allows user to create and schedule a configuration template,configuration group,software download task and template |
| Network Configuration | Credential Profile View Access | Allows user to view credential profile |
| Network Configuration | Configuration Templates Read Access | Allows to access configuration templates in read only mode |
| Network Configuration | WIPS Service | Allows users to configure WIPS Service. |
| Network Discovery | Discovery CRUD Privilege | Allows user to create, read, delete, and update Discovery Settings for both Quick Discovery and Advance Discovery. |
| Network Discovery | Discovery Schedule Privilege | Allows user to schedule discovery of the network. |
| Network Discovery | Discovery View Privilege | Allows user to view discovery settings. |
| Network Monitoring | Admin Dashboard Access | Allows user to access the Admin Dashboard. |
| Network Monitoring | Monitor Ethernet Switches | Allows user to monitor ethernet interfaces,VLAN switch port,and VLAN trunk of ethernet switches |
| Network Monitoring | Data Collection Management Access | Allow user to access the Assurance Data Sources page. |
| Network Monitoring | Monitor Mobility Devices | Allows user to monitor mobility group events such as mobility statistics,mobility responder statistics,mobility initiator statistics |
| Network Monitoring | Deploy Monitoring Template Access | Allow user to deploy monitoring templates. |
| Network Monitoring | Wireless Dashboard Access | Allows user to view the wireless dashboard |
| Network Monitoring | Monitoring Policies | Allows user to identify the most used rules, troubleshoot a specific rule, and verify hits for the selected rule |
| Network Monitoring | Design Monitoring Template Access | Allow user to design monitoring templates. |
| Network Monitoring | Details Dashboard Access | Allow user to access the Detail dashboards. |
| Network Monitoring | Packet Capture Access | Allow user to initiate packet captures on NAM and supported routers. |
| Network Monitoring | Performance Dashboard Access | Allow user to access the Performance dashboard. |
| Network Monitoring | Voice Diagnostics | Allows users to access Voice Diagnostics information. |
| Network Monitoring | WAN Optimization Dashboard Access | Allow user to access the WAN Optimization dashboard. |
| Network Monitoring | WAN Optimization Multisegment Access | Allow user to access the WAN Multisegment dashboard. |
| Network Monitoring | Ack and Unack Security Index Issues | Allows users to Acknowledge or Unacknowledge Security Index Violations. |
| Network Monitoring | Monitor Media Streams | Allow user to monitor the media stream configuration information such as name, start and end address ,maximum bandwidth,operational status,average packet size,RRC updates, priority and violation |
| Network Monitoring | Config Audit Dashboard | Allows users to access Config Audit Dashboard. |
| Network Monitoring | Disable Clients | Allows users to access Disabled Clients page. |
| Network Monitoring | Monitor Tags | Allows user to monitor tags |
| Network Monitoring | Latest Config Audit Report | Allows user to view the latest config audit reports |
| Network Monitoring | Identify Unknown Users | Allows users to access Identify Unknown Users page. |
| Network Monitoring | Monitor Access Points | Allows users to view Monitor Access Points page. |
| Network Monitoring | Monitor Chokepoints | Allows users to access Monitor Chokepoints page. |
| Network Monitoring | Monitor Clients | Allows users to access Monitor Clients page. |
| Network Monitoring | Monitor Controllers | Allows users to access Monitor Controllers page. |
| Network Monitoring | Monitor Interferers | Allows users to access Monitor Interferers pages. |
| Network Monitoring | Monitor Spectrum Experts | Allows users to access |
| Network Monitoring | Monitor WiFi TDOA Receivers | Allows users to access Monitor WiFi TDOA Receivers pages. |
| Network Monitoring | RRM Dashboard | Allows users to access RRM Dashboard page. |
| Network Monitoring | Remove Clients | Allows users to access Remove Clients page. |
| Network Monitoring | Monitor Security | Allows user to monitor controller security information such as RADIUS authentication,RADIUS accounting,management frame protection,Rogue AP rules and guest users |
| Network Monitoring | Track Clients | Allows users to access Track Clients page. |
| Network Monitoring | View Security Index Issues | Allows users to access Security Index Issues page. |
| Network Monitoring | Monitor Third Party Controllers and Access Point | Allows users to access Monitor Third Party Controllers and Access Point pages. |
| Network Monitoring | Network Topology | Allows users to launch the Network Topology map and view the devices and links in the map. |
| Plug n Play Configuration | PnP Deploy History Read Access | Allows user to read provisioned devices status. |
| Plug n Play Configuration | PnP Deploy History Read-Write Access | Allows user to read and delete operations on provisioned devices. |
| Plug n Play Configuration | PnP Preferences Read Access | Allows user to view Plug and Play preferences. |
| Plug n Play Configuration | PnP Preferences Read-Write Access | Allows user to edit Plug and Play preferences. |
| Plug n Play Configuration | PnP Profile Deploy Read Access | Allows user to view Plug and Play provisioning profiles. |
| Plug n Play Configuration | PnP Profile Deploy Read-Write Access | Allow user to create, modify, and delete Plug and Play provisioning profiles. |
| Plug n Play Configuration | PnP Profile Read Access | Allow user to view Plug and Play profiles. |
| Plug n Play Configuration | WorkflowsReadWriteAccess | Allows user to set up configure the cisco IOS switches and access devices |
| Plug n Play Configuration | Workflows Read-Write Access | Allows uset to access PnP workflows. |
| Plug n Play Configuration | PnP Profile Read-Write Access | Allow user to create, delete, and modify Plug and Play profiles. |
| Reports | Autonomous AP Reports Read Only | Allow user to view Autonomous AP Reports. |
| Reports | CleanAir Reports Read Only | Allow user to view CleanAir Reports |
| Reports | ContextAware Reports Read Only | Allows user to access ContextAware Reports. |
| Reports | Client Reports Read Only | Allow user to view Client Reports |
| Reports | Context Aware Reports Read Only | Allows user to run context aware/location-specific reports. |
| Reports | Custom NetFlow Reports Read Only | Allow user to view custom NetFlow reports. |
| Reports | Custom NetFlow Reports | Allow user to access custom NetFlow reports |
| Reports | Device Reports Read Only | Allows user to read generated device reports |
| Reports | Guest Reports Read Only | Allow user to view Guest Reports. |
| Reports | MSAP Reports Read Only | Allows user to run Mobile Concierge reports. |
| Reports | MSE Analytics Read Only | Allows user to run Location Analytics reports. |
| Reports | Mesh Reports Read Only | Allow user to view Mesh Reports. |
| Reports | Network Summary Reports | Allows user to create and run network summary reports |
| Reports | Network Summary Reports Read Only | Allows user to view all Summary reports. |
| Reports | Performance Reports Read Only | Allow user to view Performance reports. |
| Reports | Raw NetFlow Reports Read Only | Allow user to view Raw NetFlow reports. |
| Reports | Raw NetFlow Reports | Allow user to view NetFlow reports. |
| Reports | Report Launch Pad | Allow user to access the Report page. |
| Reports | Run Reports List | Allow user to run reports. |
| Reports | Saved Reports List Read Only | Allow user to view saved reports. |
| Reports | Saved Reports List | Allow user to save reports. |
| Reports | Compliance Reports Read Only | Allows user to configuration audit,network discrepancy,PCI DSS detailed and PCI DSS summary reports,PSIRT detailed and PSIRT summary reports |
| Reports | Compliance Reports | Allows user to customize the configuration audit ,network discrepancy,PCI DSS detailed and PCI DSS summary reports,PSIRT detailed and PSIRT summary reports |
| Reports | Security Reports Read Only | Allow user to create Security Reports. |
| Reports | Virtual Domains List | Allow user to create the Virtual Domain related report |
| Reports | Autonomous AP Reports | Allow user to create Autonomous AP Reports |
| Reports | CleanAir Reports | Allow user to create CleanAir Reports |
| Reports | Client Reports | Allow user to create Client Reports |
| Reports | Context Aware Reports | Allows user to run context aware/location-specific reports. |
| Reports | Voice Audit Report | Allows user to check the controller configuration and highlight audit violation |
| Reports | Device Reports | Allow user to run reports specific to monitoring specific report related to Devices. |
| Reports | Guest Reports | Allow user to create Guest Reports |
| Reports | Identity Search Engine | Allow user to create Identity Search Engine Reports. |
| Reports | MSAP Reports | Allows user to run Mobile Concierge reports. |
| Reports | MSE Analytics | Allows user to run Location Analytics reports. |
| Reports | Mesh Reports | Allow user to create Mesh Reports. |
| Reports | Performance Reports | Allow user to view Performance reports. |
| Reports | Report Run History | Allow user to view report history. |
| Reports | Security Reports | Allow user to view wireless security reports related to rogue APs, wIPS etc. |
| Reports Menu String Task | Reports Menu Access | Allow user to view the Report page. |
| Search Widget String Task | Search Access | Allows user to search from the Header. User can either search for menu items and/or data on the Prime Infrastructure server. |
| Software Image Management | Swim Access Privilege | * *Allows user to view and access Inventory > Software Images. |
| Software Image Management | Swim Collection | Allows user to collect images from different locations such as from devices, from Cisco.com, or from URLs. |
| Software Image Management | Swim Delete | Allows user to delete an image from the Software Images page, except for images that are included in Plug and Play profiles. |
| Software Image Management | Swim Distribution | Allows users to upgrade and downgrade software versions to managed devices in their network. |
| Software Image Management | Swim Info Update | * *Allows the user to edit and save image properties such as minimum RAM, minimum FLASH and minimum boot ROM version. |
| Software Image Management | Swim Preference Save | Allows user to save preference options on Software Images page. |
| Software Image Management | Swim Recommondation | Allows user to recommend images from Cisco.com and from the local repository. |
| Software Image Management | Manage Protocol | Allows user to manage protocol |
| Software Image Management | Add Software Image Management Servers | Allows user to add software imagemanagement servers |
| Software Image Management | Swim Upgrade Analysis | Allows user to analyze software images to determine if the hardware upgrades (boot ROM, flash memory, RAM, and boot flash, if applicable) are required before performing a software upgrade. |
| Software Image Management | Swim Activation | Allows user to upgrade and downgrade software versions to managed devices in their network |
| Software Image Management | Swim Upgrade Analysis | Allows user to analyze software images to determine if the hardware upgrades (boot ROM, flash memory, RAM, and boot flash, if applicable) are required before performing a software upgrade. |
| Software Updates UBF Upload | Software Updates UBF Upload | Allows the user to upload UBF patches. |
| Theme Changer Menu Item | Theme Changer Access | Allows user to switch between the Converged theme and the Classic View theme. |
| Tools Menu String Task | Tools Menu Access | Provides easy access to commonly used troubleshooting and diagnostic pages. |
| User Administration | Audit Trails | Allows user to access the Audit trails on user login and logout. |
| User Administration | RADIUS Servers | Allows user to access the RADIUS Servers menu |
| User Administration | SSO Server AAA Mode | Allows user to access the AAA menu |
| User Administration | SSO Servers | Allows user to access the SSO menu |
| User Administration | TACACS+ Servers | Allows user to access the TACACS+ Servers menu |
| User Administration | Users and Groups | Allows user to access the Users and Groups menu |
| User Administration | Virtual Domain Management | Allows user to access the Virtual Domain Management menu |
| View Online Help | OnlineHelp | Allows user to access the Prime Infrastructure online help. |
| Network Configuration | Network Topology Edit | Allows user to create devices, links and network in the topology map, edit the manually created link to assign the interfaces. |
| Network Monitoring | Site Visibility Access | Allows user to access site visibility. |
| Network Monitoring | PfR Monitoring Access | Allows the user to access and view the PfR Monitoring page |
| Network Monitoring | Lync Monitoring Access | Allows the user to access and view the Lync monitoring page |
| Network Monitoring | Incidents Alarms Events Access | Allows user to access incidents alarms events |
| Network Monitoring | Service Health Access | Allows the user to access and view the Service Health page |
| Network Configuration | Compliance Audit PAS Access | Allows user to audit and view PSIRT and EOX report |
| Network Configuration | Compliance Audit Policy Access | Allows user to create, Modify and Delete Compliance Policy |
| Network Configuration | Compliance Audit Profile Access | Allows user to create. Modify and Delete Compliance Profiles and Run Compliance Audit |
| Network Configuration | Compliance Audit Fix Access | Allows user to access Compliance Audit Job, Compliance Fix Job and Violations summary |
| Operations Center Tasks | Allow report/dashlet use for users with only NBI Read access | Enable this option for users with NBI Read access so they can generate reports and populate all dashlets. |
| Reports | Custom Composite Report | Allow user to create 'custom' report with two or more (upto 5 reports ) existing report templates into a single report. |
| User Administration | Virtual Elements Tab Access | When creating virtual domain or adding members to a virtual domain, allows uses to access the virtual elements tab, so as to allow user to add virtual elements (Datacenters, Clusters and Hosts) to virtual domain |
| Operations Center Tasks | Manage and Monitor Servers Page Access | Allows access to the Manage & Monitor Servers Page. |
| Operations Center Tasks | Administrative privileges under Manage and Monitor Servers page | Allows for administrative tasks such as Add/Delete/Edit/Activate and deactivate of servers under M&M page |
| Product Usage | Product Feedback | Allows the user to access the Help Us Improve page. |
| Diagnostic Tasks | Diagnostic Information | Controls access to diagnostic page |
| Global Variable Configuration | Global Variable Access | Allows user to access global variable. |
| Mobility Services | View CAS Notifications Only | Allows user to view the CAS notifications |
| Mobility Services | Mobility Service Management | Allows user to edit properties and parameters, view session and Trap destinations,manage user and group accoounts,and monitor status information for mobility services engine |
Contributed by Cisco Engineers
- CSG Engineering Team
FeedbackContact Cisco
- Open a Support Case
- (Requires a Cisco Service Contract)