Type of Users created in Cisco ACS!!

rajeev.payal · ‎12-03-2008

Hi,

I have just configured Cisco ACS for windows .In that i created two users, GUEST & ADMIN. ADMIN has all the rights but guest can only run "show" commands. Now my Bose is asking me to create different users & provide different priviledges to them.he asked me to use the best practices followed in industries.

So my query is : commonly what type of & how many users are created in Cisco ACS & what type of different priviledges provided to each? I know this is some thing not technical but still an expert who is familiar with its installations can answer/ show the road map to me!!!

Please its urgent!! i have only 1 day time!!!

vkapoor5 · ‎12-09-2008

There are three types of users. Their significance varies depending on whether the service requested is authentication.

1)Known users

2)Unknown users

3)Discovered users

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.0/user/guide/qu.html#wp277143

darpotter · ‎01-08-2009

Hi

Not easy to answer. You need to start with what your organisation wants/needs to achieve and then figure out how to implement in ACS.

Typically customers may have several groups of device administrators - perhaps on geography, BU or similar.

Device Command Sets (DCS) can be used to defined the various sets of permissions that any one group should get.

If you define your devices in Network Device Groups you can, for any given group, map to different DCS based upon which NDG is being accessed.

ie you can implement Role Based Access Control. This allows you to give say full access to Group A when managing device group X and perhaps read only when managing device group Y.

But the starting point is what your business needs and not what you can do in ACS.