Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ACS 5.3 host Internal identity store, per group modification restriction


I'm currently looking for a solution in order to restrict the modification of the host internal identity store (add or delete MAC host) per group. The default administrator roles does not include "per group restriction". Under the ACS I defined one group per department?

Please check the attached JPG file.

My objective it to allow each department to access their ACS MAC database to add or delete MAC addresses as required.

My question is:

How to restrict internal identity store per group?

Do I need to create new roles? and how?

I was not able to get an answer from the ACS ADMIN manual. Please attach any related document.

Thanks for your input

  • AAA Identity and NAC
Everyone's tags (5)
New Member

ACS 5.3 host Internal identity store, per group modification res

I´m having the same issue but with the user management of different groups.

In previous ACS version 4.1 a management account was able to manage a particular user group.

Since I´m upgrading from a previous ACS version we need to support this management advantage.


This widget could not be displayed.