I have made two ACS user groups tac 1 and tac 2 assign them full rights on two different Network device group, G1 and G2. Tac 1 only able to access G1 group not other group.
Now my requirement is that Tac 1 user group also access G2 devices but with limited commands.
Right now i m achieving this by making a third user group G3 and assigning it Readonly permission on all devices.
But I want same tac 1 group user get full rights on G1 devices but read only for G2 devices.
Please tell me how to achieve this.
You need to use option "Assign a Shell Command Authorization Set on a per Network Device Group Basis" , under shell command authorization.