I have some NX-OS MDS switches and some NEXUS switches. I am using a Cisco ACS 5.2 for admin authentication and I am trying to understand the difference between privilege levels and the admin roles. I understand how to use shell profiles to assign the admin role under custom attributes and assign privilege levels under common tasks, but I don't fully understand how these are applied with NX-OS.
For example, I have been doing some testing on a Cisco MDS 9222i: a user with privilege level 1, but with the admin role, appears to have authorization for all commands and is able to see the admin tab in Fabric Manager. A user without the admin role, but with privilege 15, can perform all commands but can't see the admin tab in Fabric Manager.
In another one of my environments I had a problem where users who were given privilege level 15 and the admin role were able to do everything on the MDS switches, but with the admin role, they were unauthorized to enter configure terminal on IOS devices.
If anyone can help explain this to me or point me to a page that explains NX-OS admin roles / privileges / best practices for authorizing users that would be great! Thanks.