Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

User Priviledges in ACS

Hello Dears,

I have created a user in ACS 5.0 i want to give piriviledge level 15 to that user,which TAB i have to route to give permission of privilege 15,i have worked on ACS 4.2 ,,ACS 5.0 is very much new for me

Cisco Employee

Re: User Priviledges in ACS

Can we have a bit of switch config ? as well as the authorization profile screenshot of the user on ACS ?


New Member

Re: User Priviledges in ACS

Hello Dear's,

It is a HP switch with manager access (that means privi 15) i want to enable privi 15 on user in ACS,There aaa authorization exec default group tacacs+ authorization configured  on switch hence it is a HP switch, and except username nothing configured for user in ACS,i want to enable privilege level 15.


Re: User Priviledges in ACS

You have to go to "policy elements/Authorizations and permissions/Device Administration/Shell Profiles". There you create a "new shell profile".

If you're using a Cisco IOS device then you will choose "Common Tasks/Default Privilege/Static" and choose the level you want.

Since you're using an HP switch maybe you'll have to choose "Custom attributes", findout what's the attribute called in the HP world and then set the value.

New Member

Re: User Priviledges in ACS

Hello Dear,

No such configuration in user profile how it will reflect to user when he login's in,  I do have a cisco switches also, As in ACS 4.2 we use to do.

Enable the following TACACS+ settings in the user’s profile. (Make sure they are
enabled for user’s profile in the ACS interface configuration). On the TACACS+
Settings section of the page check the Shell (exec) checkbox and set the
Privilege Level field to 15.

Can u explore more for 5.0,, And where is custom attribute tab

Re: User Priviledges in ACS

Hi. In ACS 5.x there are no "user profiles" or "group profiles" anymore. Instead you'll use "policy elements" and "access policies". By default you have two access policies "default device admin" and "default network access". Since you're working with switches you can choose "default device admin" and click "authorization". That's where you can link the policy to the "shell profile" I told you in the previous post.

By the way, ACS 5.0 is too old now. it's better if you use ACS 5.1 or ACS 5.2

CreatePlease to create content