Cisco Support Community
New Member

Type of Users created in Cisco ACS!!

Hi,

I have just configured Cisco ACS for Windows. In that I created two users, GUEST & ADMIN. ADMIN has all the rights but guest can only run "show" commands. Now my boss is asking me to create different users & provide different privileges to them. He asked me to use the best practices followed in industry.

So my query is: commonly what type of & how many users are created in Cisco ACS & what type of different privileges are provided to each? I know this is something not technical but still an expert who is familiar with its installations can answer / show the road map to me!!!

Please, it's urgent!! I have only 1 day's time!!!

2 REPLIES
Bronze

Re: Type of Users created in Cisco ACS!!

There are three types of users. Their significance varies depending on whether the service requested is authentication.

1) Known users

2) Unknown users

3) Discovered users

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.0/user/guide/qu.html#wp277143

Silver

Re: Type of Users created in Cisco ACS!!

Hi

Not easy to answer. You need to start with what your organisation wants/needs to achieve and then figure out how to implement in ACS.

Typically customers may have several groups of device administrators - perhaps on geography, BU or similar.

Device Command Sets (DCS) can be used to define the various sets of permissions that any one group should get.

If you define your devices in Network Device Groups you can, for any given group, map to different DCS based upon which NDG is being accessed.

i.e. you can implement Role Based Access Control. This allows you to give, say, full access to Group A when managing device group X and perhaps read only when managing device group Y.

But the starting point is what your business needs and not what you can do in ACS.
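The group-to-NDG mapping described in the reply above, modelled as an added example (not part of the original thread, and not ACS configuration or its API). All user, group, device and command-set names are constructed, and the wildcard matching is an assumed simplification of how a command set is evaluated.

```python
from fnmatch import fnmatchcase

# All names below are constructed for illustration.
# Device command sets: permit patterns only; anything unmatched is denied.
COMMAND_SETS = {
    "FULL_ACCESS": ["*"],
    "READ_ONLY": ["show *"],
}

# Network device groups (NDGs): which group each device belongs to.
NDG_OF_DEVICE = {"core-sw1": "NDG_X", "core-sw2": "NDG_X", "branch-rtr1": "NDG_Y"}

# Administrator groups: which group each user belongs to.
GROUP_OF_USER = {"alice": "GROUP_A", "bob": "GROUP_B"}

# (admin group, NDG) -> command set. A missing pair means no command access.
ROLE_MAP = {
    ("GROUP_A", "NDG_X"): "FULL_ACCESS",
    ("GROUP_A", "NDG_Y"): "READ_ONLY",
    ("GROUP_B", "NDG_Y"): "FULL_ACCESS",
}

def authorize(user, device, command):
    """Return (permitted, reason) for one command on one device."""
    group = GROUP_OF_USER.get(user)
    ndg = NDG_OF_DEVICE.get(device)
    if group is None or ndg is None:
        return False, "unknown user or device"
    set_name = ROLE_MAP.get((group, ndg))
    if set_name is None:
        return False, f"{group} has no command set on {ndg}"
    cmd = " ".join(command.lower().split())  # collapse case and spacing
    for pattern in COMMAND_SETS[set_name]:
        if fnmatchcase(cmd, pattern):
            return True, f"{set_name} permits '{pattern}'"
    return False, f"{set_name} has no matching permit"

def effective_matrix():
    """Group x NDG table for review; unmapped pairs show as NO_ACCESS."""
    groups = sorted(set(GROUP_OF_USER.values()))
    ndgs = sorted(set(NDG_OF_DEVICE.values()))
    return {g: {n: ROLE_MAP.get((g, n), "NO_ACCESS") for n in ndgs} for g in groups}

if __name__ == "__main__":
    for row in [("alice", "core-sw1", "configure terminal"),
                ("alice", "branch-rtr1", "configure terminal"),
                ("bob", "core-sw1", "show version")]:
        print(row, "->", authorize(*row))
    print(effective_matrix())
```

Writing the matrix down first, per business role and device group, gives you the list of groups and command sets to create before touching ACS.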
