Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Authorization per device

Hi,

I want to authorized user in Cisco ACS per network devices added in Cisco ACS 4.2. My theme is to give full access on device-1 and read-only access on device-2 to same user. Kindly guide me to do this.

Regards,

Atif.

3 REPLIES

Re: Authorization per device

r u using any external database to authenticate the user?

rgds

Community Member

Re: Authorization per device

Yes, I am using Window Active Directory as a external database for authentication

Cisco Employee

Re: Authorization per device

Hi Atif,


You can assign Shell Auth. Sets at the user,group or NDG level.More details are mentioned on the following link:


http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/SPC.html#wpmkr697610


You need to create two command set, one for "Read-only access" and other for " Full access"


Full access:

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml#scenario1


Read-only access:

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml#scenario2


Once you are done with command set after that edit the user/group setup > Jump to shell command authorizatio section


Look for the third option "Assign a Shell Command Authorization Set on a per Network Device Group Basis"


And there you can select the NDG's and command set > submit and restart.


Please make sure that you have all the required command authorization on the device.


HTH


Regards,

JK


Plz rate helpful posts-

~Jatin Katyal
352
Views
0
Helpful
3
Replies
CreatePlease to create content