06-05-2008 10:55 AM - edited 03-10-2019 03:53 PM
Hi all,
Using tacacs, can you restrict a users rights to certain equipment while giving them full access to others?
What I mean to say is: Can "User A" have view access to Switch 1, Global config access to Switch 2, and no access to Router 1?
All using the same tacacs server.
Thanks in advance!
Andy
06-05-2008 11:33 AM
Yes it can be done, Sorry I am editing my post now, did not read your question carefully.
As stated by jgambhir, you need to have different NDGs for this to work. Please note that NDGs are not visible in ACS by default, you have to enable them from the 'Interface' Page.
Regards
Farrukh
06-05-2008 11:35 AM
Andy,
Yes that is possible. You can give an user different privilege on different NAS.
Here is the link for command authorization ,
In acs , group set up , we have a option of Assign a Shell Command Authorization Set on a per Network Device Group Basis.
You can also give different enable privilege by using option-
Define max Privilege on a per network device group basis
Hope that helps
Regards,
~JG
Do rate helpful posts
06-20-2008 11:52 AM
Configure NAR and command authorization, command authorization is only supported by TACACS
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: