Cisco Support Community
Community Member

TACACS and CSS privilege levels

I have successfully deployed the CSS with TACACS authentication. So far I can get both privileged and non-privileged users (show commands) but nothing in between. WEBNS can successfully differentiate between the different user levels as well.

We need to be able to have data center operators suspend or activate services upon request without the risk of them mistakenly making other changes.

How do I give them controlled access to do this? I have not had success with including additional commands in the TACACS command set. If I include configure in the command set, the user ends up in a login loop because they are not privileged.

2 REPLIES
Community Member

Re: TACACS and CSS privilege levels

You will need to set up shell commands. I did this setting up Network groups and User groups.

To set up Command authorization you can look here:

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacsapp/csapp33/user/c.pdf

Here is the entire user guide for the TACACS:

http://cisco.com/application/pdf/en/us/guest/products/ps5927/c2001/ccmigration_09186a00803a9cbb.pdf

Community Member

Re: TACACS and CSS privilege levels

Thanks. The command authorization provided more insight.

I did get a more granular set of command controls that work in telnet sessions, but WEBNS seems to ignore the command set, providing the user with more privileges than they get on the command line.

I've opened a TAC case on this and have not heard back on it yet.
