Authorization per device

jauhar1980 · ‎01-27-2010

Hi,

I want to authorized user in Cisco ACS per network devices added in Cisco ACS 4.2. My theme is to give full access on device-1 and read-only access on device-2 to same user. Kindly guide me to do this.

Regards,

Atif.

spremkumar · ‎01-27-2010

r u using any external database to authenticate the user?

rgds

jauhar1980 · ‎01-27-2010

Yes, I am using Window Active Directory as a external database for authentication

Jatin Katyal · ‎01-27-2010

Hi Atif,

You can assign Shell Auth. Sets at the user,group or NDG level.More details are mentioned on the following link:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/SPC.html#wpmkr697610

You need to create two command set, one for "Read-only access" and other for " Full access"

Full access:

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml#scenario1

Read-only access:

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml#scenario2

Once you are done with command set after that edit the user/group setup > Jump to shell command authorizatio section

Look for the third option "Assign a Shell Command Authorization Set on a per Network Device Group Basis"

And there you can select the NDG's and command set > submit and restart.

Please make sure that you have all the required command authorization on the device.

HTH

Regards,

JK

Plz rate helpful posts-

~Jatin